Package: Kernel

Version: 4.9+

Severity: Critical

 

So I was reading isc.sans.edu and came across this, which people are dubbing "segmentsmack":

https://isc.sans.edu/forums/diary/What+Do+I+Need+To+Know+about+SegmentSmack/23964/

It affects Linux kernels 4.9+:

 

https://www.kb.cert.org/vuls/id/962459

"The Linux kernel versions 4.9+ and supported versions of FreeBSD are vulnerable to denial of service conditions with low rates of specially modified packets."

 

 

Vulnerability Note VU#962459

TCP implementations vulnerable to Denial of Service

 

The Linux kernel versions 4.9+ and supported versions of FreeBSD are vulnerable to denial of service conditions with low rates of specially modified packets.

Description

 

CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2018-5390

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

 

CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2018-6922

A TCP data structure in supported versions of FreeBSD (11, 11.1, 11.2, 10, and 10.4) use an inefficient algorithm to reassemble the data.

 

Now it does say that Debian is susceptible to this bug as well.

 

"Debian GNU/Linux        Affected              23 Jul 2018"

 

uname -a

Linux server1 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux

 

As you can see I am on Debian 9.5 using a kernel version of 4.9.88-1+deb9u1

 

 

 
