Skip to main content

SegmentSmack & FragmentSmack Linux Kernel Vulnerabilities

Security researchers have discovered two vulnerabilities, known as SegmentSmack and FragmentSmack, in the Linux kernel.
Threat ID:
CC-2572
Category:
Threat Severity:
Low
Threat Vector:
Published:
7 August 2018 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Security researchers have discovered two vulnerabilities, known as SegmentSmack and FragmentSmack, in the Linux kernel.

Threat details

A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition on an affected device.

SegmentSmack (CVE-2018-5390) describes a flaw in how the kernel handles maliciously crafted TCP packets. Sending these packets during an ongoing TCP session can trigger resource intensive calls to the tcp_prune_ofo_queue() and tcp_collapse_ofo_queue() functions, which could then lead to CPU saturation.

FragmentSmack (CVE-2018-5391) is a vulnerability in how the kernel reassembles IPv4 and IPv6 packets. The alogrithms used to reassemble these packets are resource intensive and can again cause CPU saturation.

For further information

Threat updates

Date Update
17 Sep 2018

Microsoft have disclosed that all supported versions of Windows are vulnerable to FragmentSmack attacks.

Remediation advice

Users and administrators encouraged to review the CERT/CC Vulnerability Notes VU #962459 and VU #641765 and apply the necessary updates.

Remediation steps

Type Step

Update  

Microsoft released a security update to address these vulnerabilities as part of the regular update schedule. Users are encouraged to apply this update to their affected systems immediately.

Last edited: 17 February 2020 12:54 pm