Synology-SA-18:41 Linux kernel
Publish Time: 2018-08-07 11:13:31 UTC+8
Last Updated: 2018-08-07 11:13:31 UTC+8
- Severity
- Not affected
- Status
- Resolved
Abstract
CVE-2018-5390, a.k.a. SegmentSmack attack, allows remote attackers to conduct denial-of-service attacks via a susceptible version of Linux kernel.
None of Synology products are affected as CVE-2018-5390 only affects Linux kernel 4.9 and later.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
DSM 6.2 | Not affected | N/A |
DSM 6.1 | Not affected | N/A |
DSM 5.2 | Not affected | N/A |
SkyNAS | Not affected | N/A |
VS960HD | Not affected | N/A |
SRM 1.1 | Not affected | N/A |
Mitigation
None
Detail
- CVE-2018-5390
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
Reference
- CVE - CVE-2018-5390
- Linux Kernel TCP implementation vulnerable to Denial of Service
- Linux Kernel Vulnerability
Revision
Revision | Date | Description |
---|---|---|
1 | 2018-08-07 | Initial public release. |