(Red Hat Issues Fix) Linux Kernel TCP Reassembly Algorithm Lets Remote Users Consume Excessive CPU Resources on the Target System
SecurityTracker Alert ID: 1041722|
SecurityTracker URL: http://securitytracker.com/id/1041722
(Links to External Site)
Updated: Sep 25 2018|
Original Entry Date: Sep 25 2018
Denial of service via network|
Fix Available: Yes Vendor Confirmed: Yes |
Version(s): RHEL 6, 6.4, 7.2, 7.3, and 7.4|
A vulnerability was reported in the Linux kernel. A remote user can consume excessive CPU resources on the target system.|
The system uses an inefficient TCP reassembly algorithm. A remote user can send specially crafted data via an established TCP connection to consume excessive CPU resources on the target system.
Juha-Matti Tilli (Aalto University, Department of Communications and Networking / Nokia Bell Labs) reported this vulnerability.
A remote user can consume excessive CPU resources on the target system.|
Red Hat has issued a fix.|
The Red Hat advisories are available at:
Vendor URL: access.redhat.com/errata/RHSA-2018:2789 (Links to External Site)
This archive entry is a follow-up to the message listed below.|
Source Message Contents
Subject: [RHSA-2018:2789-01] Important: kernel-rt security and bug fix update|
-----BEGIN PGP SIGNED MESSAGE-----
Red Hat Security Advisory
Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2018:2789-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2789
Issue date: 2018-09-25
CVE Names: CVE-2018-5390
An update for kernel-rt is now available for Red Hat Enterprise MRG 2.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
* A flaw named SegmentSmack was found in the way the Linux kernel handled
specially crafted TCP packets. A remote attacker could use this flaw to
trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets
within ongoing TCP sessions which could lead to a CPU saturation and hence
a denial of service on the system. Maintaining the denial of service
condition requires continuous two-way TCP sessions to a reachable open
port, thus the attacks cannot be performed using spoofed IP addresses.
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting this
* The kernel-rt packages have been upgraded to the 3.10.0-693.39.1 source
tree, which provides a number of bug fixes over the previous version.
* Previously, preemption was enabled too early after a context switch. If a
task was migrated to another CPU after a context switch, a mismatch between
CPU and runqueue during load balancing sometimes occurred. Consequently, a
runnable task on an idle CPU failed to run, and the operating system became
unresponsive. This update disables preemption in the schedule_tail()
function. As a result, CPU migration during post-schedule processing no
longer occurs, which prevents the above mismatch. The operating system no
longer hangs due to this bug. (BZ#1618466)
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)
1616431 - update the MRG 2.5.z 3.10 kernel-rt sources
1618466 - RT system hang due to wrong of rq's nr_running [MRG-RT]
6. Package List:
Red Hat MRG Realtime for RHEL 6 Server v.2:
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
The Red Hat security contact is <email@example.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
RHSA-announce mailing list