CVE: CVE-2018-5391: kernel: IP fragment re-assembly allows DOS (FragmentSmack)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX | Fix Released | High | Lin Shuicheng | | |
Bug Description
Brief Description
-----------------
The StarlingX kernel is vulnerable to CVE-2018-5391: kernel: IP fragment re-assembly allows DOS (FragmentSmack)
https:/
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
CVSS v2: 7.8 (AV:N/AC:
https:/
https:/
Required kernel version: kernel-
Severity
--------
Major. CVSS v2: 7.8 (AV:N/AC:
Steps to Reproduce
------------------
N/A
Expected Behavior
------------------
N/A
Actual Behavior
----------------
N/A
Reproducibility
---------------
Reproducible
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
any
Timestamp/Logs
--------------
N/A
CVE References
tags: | added: stx.security |
Changed in starlingx: | |
importance: | Undecided → High |
tags: | added: stx.2019.03 |
Changed in starlingx: | |
assignee: | nobody → Cindy Xie (xxie1) |
status: | New → Triaged |
Changed in starlingx: | |
assignee: | Cindy Xie (xxie1) → Lin Shuicheng (shuicheng) |
tags: | added: stx.2019.05 removed: stx.2019.03 |
Changed in starlingx: | |
status: | Triaged → Fix Committed |
Changed in starlingx: | |
status: | Fix Committed → Fix Released |
tags: | added: stx.2.0 removed: stx.2019.05 |
information type: | Private Security → Public |
Storyboard has been created for kernel upgrade: https://storyboard.openstack.org/#!/story/2004521
Once the storyboard is implemented, we can mark this Launchpad as fixed.