CVE-2018-5390 in Ubuntu

CVE-2018-5390

Priority

High

Description

Linux kernel versions 4.9+ can be forced to make very expensive calls to
tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming
packet which can lead to a denial of service.

Ubuntu-Description

Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel
performed algorithmically expensive operations in some situations when
handling incoming packets. A remote attacker could use this to cause a
denial of service.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5390
https://www.kb.cert.org/vuls/id/962459
https://usn.ubuntu.com/usn/usn-3732-1
https://usn.ubuntu.com/usn/usn-3732-2
https://usn.ubuntu.com/usn/usn-3741-1
https://usn.ubuntu.com/usn/usn-3741-2
https://usn.ubuntu.com/usn/usn-3742-1
https://usn.ubuntu.com/usn/usn-3742-2

Notes

tyhicks> Known as "SegmentSmack"

Assigned-to

tyhicks

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.13.0-155.206~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1031.37)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1017.17)
Ubuntu 18.10 (Cosmic Cuttlefish):	needed

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	needed
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.13.0-155.205)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-133.159)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-30.32)
Ubuntu 18.10 (Cosmic Cuttlefish):	not-affected (4.17.0-7.8)

Patches:

Introduced by 36a6503feddadbbad415fb3891e80f94c10a9b21	Fixed by 72cd43ba64fc172a443410ce01645895850844c8
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	Fixed by f4a3313d8e2ca9fd8d8f45e40a2903ba782607e7
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	Fixed by 3d4bf93ac12003f9b8e1e2de37fe27983deebdcf

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1098.103)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	needed
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1019.19~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1019.19)
Ubuntu 18.10 (Cosmic Cuttlefish):	needed

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (4.4.0-133.159~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1015.15~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1015.15)
Ubuntu 18.10 (Cosmic Cuttlefish):	needed

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (4.4.0-1027.30)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1065.75)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1017.17)
Ubuntu 18.10 (Cosmic Cuttlefish):	needed

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1094.102)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1018.19)
Ubuntu 18.10 (Cosmic Cuttlefish):	needed

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1019.19)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-30.32~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-30.32~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1013.16)
Ubuntu 18.10 (Cosmic Cuttlefish):	needed

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.18~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

More Information

Updated: 2018-08-22 22:14:46 UTC (commit e0e6dbf6a888532d3104a9723d45eb65b9bf7a34)