
Remote Denial of Service Vulnerability in Linux Kernel Patched in v4.9.116 and v4.17.11

SegmentSmack, a vulnerability that can be exploited for denial of service attacks, drew immediate attention when Carnegie Mellon University’s CERT/CC published it. The reports, however, failed to acknowledge that the vulnerability had already been patched two weeks earlier, in the 4.9.116 and 4.17.11 stable Linux kernel releases.

According to the CERT/CC researchers, an attacker can cause a denial of service by forcing the kernel to “make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet.” Both functions operate on a socket’s out-of-order (OFO) segment queue, so the cost of each call grows with the number of segments an attacker has managed to queue there. This is true, but the vulnerability has already been patched, and many Linux distributions, SUSE among them, have shipped the updates. Some distributions, such as Red Hat, lag behind, but the fix is available upstream and the lagging distributions are expected to follow soon.
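To make the cost argument concrete, here is a small C model, added for this article and not taken from the Linux kernel: a receiver that, like the unpatched code path the researchers describe, walks its whole out-of-order queue for every packet that lands there. The queue layout, the initial sequence number and the packet counts are all constructed for the model; it only counts segments visited (the real kernel also copies data when it collapses segments), it sends nothing on the network, and it is not an exploit. It contrasts n one-byte segments delivered in order with n one-byte segments that each leave a one-byte hole in front of them, so nothing can ever be collapsed and every arrival pays for a walk over everything queued so far.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One queued out-of-order segment covering [seq, end_seq). */
struct seg {
    uint32_t seq;
    uint32_t end_seq;
    struct seg *next;
};

/* The receive side of one connection, reduced to what the model needs. */
struct ofo_queue {
    uint32_t rcv_nxt;   /* next in-order byte the receiver expects */
    struct seg *head;
    struct seg *tail;
};

static void ofo_init(struct ofo_queue *q, uint32_t rcv_nxt)
{
    q->rcv_nxt = rcv_nxt;
    q->head = q->tail = NULL;
}

static void ofo_free(struct ofo_queue *q)
{
    struct seg *s = q->head;
    while (s) {
        struct seg *next = s->next;
        free(s);
        s = next;
    }
    q->head = q->tail = NULL;
}

/* Model of one collapse pass: every queued segment is examined for a
 * neighbour it could be merged with.  Returns the number of segments
 * visited, i.e. the work charged to the packet that triggered the pass. */
static size_t collapse_walk(const struct ofo_queue *q)
{
    size_t visited = 0;
    for (const struct seg *s = q->head; s; s = s->next)
        visited++;
    return visited;
}

/* Accept one segment and return the work it cost.  In-order data advances
 * rcv_nxt for one unit of work.  Out-of-order data is appended (segments
 * arrive with increasing seq in this model) and then pays for a full
 * collapse pass, as the text describes for the unpatched kernel. */
static size_t receive(struct ofo_queue *q, uint32_t seq, uint32_t end_seq)
{
    if (seq == q->rcv_nxt) {
        q->rcv_nxt = end_seq;
        return 1;
    }
    struct seg *s = malloc(sizeof *s);
    if (!s)
        abort();
    s->seq = seq;
    s->end_seq = end_seq;
    s->next = NULL;
    if (q->tail)
        q->tail->next = s;
    else
        q->head = s;
    q->tail = s;
    return 1 + collapse_walk(q);
}

/* n one-byte segments sent in order: nothing is queued, total work is n. */
size_t inorder_cost(size_t n)
{
    struct ofo_queue q;
    size_t total = 0;
    ofo_init(&q, 1000);                       /* constructed initial seq */
    for (size_t i = 0; i < n; i++)
        total += receive(&q, q.rcv_nxt, q.rcv_nxt + 1);
    ofo_free(&q);
    return total;
}

/* n one-byte segments, each leaving a one-byte hole in front of it, so none
 * ever becomes contiguous with rcv_nxt and the queue only grows.  The k-th
 * arrival walks k segments, so the total is n + n(n+1)/2: quadratic in the
 * packet count, although only n bytes of payload were sent. */
size_t gapped_cost(size_t n)
{
    struct ofo_queue q;
    size_t total = 0;
    ofo_init(&q, 1000);                       /* constructed initial seq */
    for (size_t i = 0; i < n; i++) {
        uint32_t seq = q.rcv_nxt + 2 * (uint32_t)i + 1;   /* skip one byte */
        total += receive(&q, seq, seq + 1);
    }
    ofo_free(&q);
    return total;
}

int main(void)
{
    size_t sizes[] = { 1000, 2000, 4000 };
    printf("%8s %12s %12s\n", "packets", "in-order", "gapped");
    for (size_t i = 0; i < 3; i++)
        printf("%8zu %12zu %12zu\n", sizes[i],
               inorder_cost(sizes[i]), gapped_cost(sizes[i]));
    return 0;
}
```

The shape of the numbers is the point: in-order delivery costs n units for n packets, while the gapped stream costs n + n(n+1)/2, so doubling the packet count roughly quadruples the receiver's work although the sender's payload stays at n bytes. That asymmetry is why one attacker-controlled stream can keep a core busy and why the attack scales with the number of streams.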

According to an advisory published on Red Hat’s website, the vulnerability was assigned CVE-2018-5390. The exploit causes CPU saturation and denial of service rather than a crash, and sustaining that denial of service requires “continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.” Four attack streams can saturate four CPU cores, as shown below.

Figure: four attack streams saturating four CPU cores. Source: Red Hat.

Although the CERT/CC researchers presented a thorough analysis of the vulnerability, they did not spell out the conditions an attacker must satisfy to sustain the denial of service, which made the vulnerability sound far worse than it actually is.

According to the advisory, SegmentSmack affects Red Hat Enterprise Linux (RHEL) 6, RHEL 7, RHEL 7 for Real Time, RHEL 7 for ARM64, RHEL 7 for Power, and RHEL Atomic Host. No mitigation has been posted on the site yet; the advisory does state that Red Hat is working on releasing the necessary updates and mitigations.
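As an added check that is not part of the article or of any vendor advisory, the shell function below compares a kernel version string against the two upstream stable releases the article names as carrying the fix, 4.9.116 and 4.17.11. It knows only those two branches, so any other version string, including distribution kernels such as RHEL's 3.10.0-* series, which take fixes as backports without adopting upstream version numbers, is reported as unknown and must be checked against the distribution's own errata, for Red Hat the CVE-2018-5390 advisory cited above. The sample version strings at the bottom are constructed for illustration and do not describe real hosts.

```shell
#!/bin/sh
# Added example for this article, not from the article or from any vendor.
# Verdicts: patched | vulnerable | unknown.
# Only the 4.9 and 4.17 stable branches are known (fixed in 4.9.116 and
# 4.17.11 per the article); every other version string is "unknown".
# Distribution kernels (e.g. RHEL's 3.10.0-*) carry backported fixes under
# their own numbering, so "unknown" does not mean "safe": check the vendor's
# CVE-2018-5390 advisory or errata for those.

segmentsmack_status() {
    # Keep the leading dotted-numeric part: "4.9.116-1-amd64" -> "4.9.116".
    v=$(expr "$1" : '\([0-9.]*\)' || true)
    [ -n "$v" ] || { echo unknown; return 0; }

    # Split into major/minor/patch; missing fields default to 0.
    old_ifs=$IFS
    IFS=.
    set -- $v
    IFS=$old_ifs
    major=$1
    minor=${2:-0}
    patch=${3:-0}

    case "$major.$minor" in
    4.9)
        [ "$patch" -ge 116 ] && echo patched || echo vulnerable ;;
    4.17)
        [ "$patch" -ge 11 ] && echo patched || echo vulnerable ;;
    *)
        echo unknown ;;
    esac
}

# Verdict for the kernel this script is running on.
running_kernel_status() {
    segmentsmack_status "$(uname -r)"
}

# Constructed sample version strings (not real hosts).
for sample in 4.9.115 4.9.116-1-amd64 4.17.10 4.17.11 3.10.0-862.el7.x86_64; do
    printf '%-28s %s\n' "$sample" "$(segmentsmack_status "$sample")"
done
printf '%-28s %s\n' "$(uname -r)" "$(running_kernel_status)"
```

Run it on a host to get a first-pass verdict; treat "unknown" as a prompt to consult the distribution's security advisory for the installed kernel package, not as a clean result.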
