CVE-2018-5391

The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

EPSS 24.1%CWE-400

In short

The Linux kernel has a flaw in how it handles fragmented IP packets, allowing an attacker to crash or hang a system by sending specially crafted fragments at a slow rate. This is dangerous because it requires minimal network traffic to cause disruption.

Technical detail

CVE-2018-5391 exploits IP fragment reassembly logic in Linux kernel 3.9+, where an attacker can trigger denial of service by sending low-rate malformed IP fragments that consume excessive kernel resources. The vulnerability exists in the fragment reassembly queue; no authentication is required, and the attack has low bandwidth requirements while causing system unavailability or crash.

Summary generated and translated by AI from the official description.

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

Affected products

Linux · Kernel

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References