2018-08-06 SegmentSmack (CVE-2018-5309): Linux Kernel TCP Vulnerability

CVE-2018-5309: A new security vulnerability in the Linux Kernel known as SegmentSmack was publicly disclosed recently. It allows attackers to trigger the most resource-intensive code paths for TCP stream reassembly with low rates of specially crafted packets, leading to a remote denial of service.

Affected platforms

The affected versions of the Linux kernel are versions 4.9+ and maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port.

To check if your system is not vulnerable, execute the command below:

$ uname -a

Debian 8 (Jessie)

Debian Jessie kernel should be equal or greater than 3.16.57-2.

Debian 9 (Stretch)

Debian Stretch kernel should be equal or greater than 4.9.110-3+deb9u1.

Ubuntu 16.04 in Azure

Ubuntu 16.04 kernel version in Azure should be equal or greater than 4.15.0-1019-azure.

Oracle Enterprise Linux

This distribution is not affected.

Other distributions: RHEL, CentOS, Ubuntu 16.04 in AWS, …

There is not any new package for these Linux distributions at the moment of writing this.

How to patch it

If your system is affected, follow the steps below for your platform.

Ubuntu and Debian

Run the following command to patch the system and then reboot:

$ sudo apt-get update && sudo apt-get dist-upgrade
$ sudo reboot

Red Hat, CentOS and Amazon Linux

Run the following command to patch the system and then reboot:

$ sudo yum update
$ sudo reboot

Once you have completed the steps above, you will have the fixed version of the kernel/operating system running on your server. If you have any question about this process, you can visit our github repository. We will be happy to help!