Linux kernel maintainers have released security patches that address two vulnerabilities, tracked as two bugs are known as SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391). potentially exploitable to trigger a DoS condition.
The vulnerabilities reside the Linux kernel’s TCP stack, an attacker can exploit them by sending malformed TCP or IP packets to cause the cause a significant resource usage in Linux-based systems.
An attacker can exploit SegmentSmack issue via a specially crafted stream of TCP segments, while the second vulnerability, FragmentSmack, could be triggered by sending a specially crafted stream of IP datagrams.
The bug for the SegmentSmack resides in the tcp_collapse_ofo_queue() function, while the second issue affects the tcp_prune_ofo_queue() function.
“Juha-Matti Tilli reported that malicious peers could inject tiny packets in out_of_order_queue, forcing very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet.” reads the security advisory.
“With tcp_rmem default of 6MB, the ooo queue could contain ~7000 nodes. “
“Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.” states the description provided by the Mitre.
Devices running Linux kernel 4.9 and later are vulnerable to SegmentSmack, while Linux devices running Linux kernel 3.9 and later are vulnerable to FragmentSmack.
Most popular Linux distros, including Debian, Red Hat, and Ubuntu have already rolled out the security updates.
“The Linux kernel project has released an updated version that includes fixes for both [1, 2]. Companies and open source projects that use the Linux kernel for their custom operating systems will have to update the Linux kernel they use to include these two updates.” reported Bleeping Computer.
“Vendors of Linux-based SOHO routers will probably be slower in incorporating these updates. ISP-grade routers, firewall providers, cloud services, and hosting firms will also have to ship or deploy updates.”