CVE-2018-5390

Publication date 6 August 2018

Last updated 25 August 2025

Ubuntu priority

High

Why this priority?

Cvss 3 Severity Score

7.5 · High

Score breakdown

Description

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

From the Ubuntu Security Team

Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service.

Read the notes from the security team

Status

Package Ubuntu Release Status
linux 18.10 cosmic
Not affected
18.04 LTS bionic
Fixed 4.15.0-30.32
16.04 LTS xenial
Fixed 4.4.0-133.159
14.04 LTS trusty
Fixed 3.13.0-155.205
linux-aws 18.10 cosmic
Not affected
18.04 LTS bionic
Fixed 4.15.0-1017.17
16.04 LTS xenial
Fixed 4.4.0-1065.75
14.04 LTS trusty
Fixed 4.4.0-1027.30
linux-flo 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-azure 18.10 cosmic
Not affected
18.04 LTS bionic
Fixed 4.15.0-1019.19
16.04 LTS xenial
Fixed 4.15.0-1019.19~16.04.1
14.04 LTS trusty
Not affected
linux-azure-edge 18.10 cosmic Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial
Fixed 4.15.0-1019.19
14.04 LTS trusty Not in release
linux-euclid 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial
Fixed 4.4.0-9029.31
14.04 LTS trusty Not in release
linux-gcp 18.10 cosmic
Not affected
18.04 LTS bionic
Fixed 4.15.0-1015.15
16.04 LTS xenial
Fixed 4.15.0-1015.15~16.04.1
14.04 LTS trusty Not in release
linux-gke 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Not in release
linux-goldfish 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-grouper 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-hwe 18.10 cosmic Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial
Fixed 4.15.0-30.32~16.04.1
14.04 LTS trusty Not in release
linux-hwe-edge 18.10 cosmic Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial
Fixed 4.15.0-30.32~16.04.1
14.04 LTS trusty Not in release
linux-kvm 18.10 cosmic
Not affected
18.04 LTS bionic
Fixed 4.15.0-1017.17
16.04 LTS xenial
Fixed 4.4.0-1031.37
14.04 LTS trusty Not in release
linux-lts-trusty 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lts-utopic 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lts-vivid 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lts-wily 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-lts-xenial 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty
Fixed 4.4.0-133.159~14.04.1
linux-maguro 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-mako 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-manta 18.10 cosmic Not in release
18.04 LTS bionic Not in release
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release
linux-oem 18.10 cosmic
Not affected
18.04 LTS bionic
Fixed 4.15.0-1013.16
16.04 LTS xenial Ignored end of standard support, was needed
14.04 LTS trusty Not in release
linux-raspi2 18.10 cosmic
Not affected
18.04 LTS bionic
Fixed 4.15.0-1018.19
16.04 LTS xenial
Fixed 4.4.0-1094.102
14.04 LTS trusty Not in release
linux-snapdragon 18.10 cosmic Not in release
18.04 LTS bionic
Not affected
16.04 LTS xenial
Fixed 4.4.0-1098.103
14.04 LTS trusty Not in release

Notes

tyhicks

Known as "SegmentSmack"

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
linux

Severity score breakdown

Parameter Value
Base score 7.5 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-3742-1
    • Linux kernel vulnerabilities
    • 14 August 2018
    • USN-3742-2
    • Linux kernel (Trusty HWE) vulnerabilities
    • 14 August 2018
    • USN-3763-1
    • Linux kernel vulnerability
    • 11 September 2018
    • USN-3741-2
    • Linux kernel (Xenial HWE) vulnerabilities
    • 14 August 2018
    • USN-3741-1
    • Linux kernel vulnerabilities
    • 14 August 2018
    • USN-3732-1
    • Linux kernel vulnerability
    • 6 August 2018
    • USN-3732-2
    • Linux kernel (HWE) vulnerability
    • 6 August 2018

Other references