Synology-SA-18:41 Linux kernel

Publish Time: 2018-08-07 11:13:31 UTC+8

Last Updated: 2018-08-07 11:13:31 UTC+8

Severity: Not affected
Status: Resolved

Abstract

CVE-2018-5390, a.k.a. the SegmentSmack attack, allows remote attackers to conduct denial-of-service attacks via a susceptible version of the Linux kernel.

No Synology products are affected, as CVE-2018-5390 only affects Linux kernel 4.9 and later.

Affected Products

Product    Severity        Fixed Release Availability
DSM 6.2    Not affected    N/A
DSM 6.1    Not affected    N/A
DSM 5.2    Not affected    N/A
SkyNAS     Not affected    N/A
VS960HD    Not affected    N/A
SRM 1.1    Not affected    N/A

Mitigation

None

Detail

  • CVE-2018-5390
    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.
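
The 4.9 boundary stated above can be checked against a host's kernel release string as follows. This is an added example, not part of Synology's advisory; the function names and the sample release strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the "4.9 and later"
# range this advisory gives for CVE-2018-5390. It applies only that stated
# threshold; a version string does not reveal vendor-backported fixes.

# in_segmentsmack_range RELEASE
#   returns 0 if RELEASE is 4.9 or later, 1 if earlier, 2 if unparseable.
in_segmentsmack_range() {
    rel=$1
    major=${rel%%.*}              # text before the first dot
    rest=${rel#*.}                # text after the first dot
    if [ "$rest" = "$rel" ]; then return 2; fi   # no dot present
    minor=${rest%%[!0-9]*}        # leading digits, e.g. "15" from "15.0-29-generic"
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in '') return 2 ;; esac
    if [ "$major" -gt 4 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; then return 0; fi
    return 1
}

# describe_kernel RELEASE: print a one-line verdict for RELEASE.
describe_kernel() {
    rc=0
    in_segmentsmack_range "$1" || rc=$?
    case $rc in
        0) echo "$1: 4.9 or later, inside the range CVE-2018-5390 affects" ;;
        1) echo "$1: earlier than 4.9, outside the affected range" ;;
        *) echo "$1: could not parse kernel release" ;;
    esac
}

# Constructed sample release strings, followed by the running kernel.
for r in 3.10.105 4.4.59+ 4.9.0 4.15.0-29-generic "$(uname -r)"; do
    describe_kernel "$r"
done
```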

Revision

Revision    Date          Description
1           2018-08-07    Initial public release.