SegmentSmack: Linux Kernel Could Trigger A Remote Denial Of Service

Security researchers from Carnegie Mellon University have found a kernel bug that could be used to hit systems with a denial-of-service attack on networking kit. Linux kernel versions 4.9 and later are vulnerable to this bug.

The researchers found that newer versions of the Linux kernel can be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)". Systems, mobile devices, and servers running Linux were found to be vulnerable to this, but the researchers have not confirmed specific products. You can check the list of the network equipment that may be vulnerable.

To exploit this bug, an attacker only needs to send a specially crafted packet within ongoing TCP sessions, and can do so remotely. Note, however, that the attacker needs continuous two-way TCP sessions to a reachable, open port to sustain the attack.

Red Hat has confirmed the bug and named it 'SegmentSmack'. The kernel bug has been assigned the CVE ID CVE-2018-5390. Red Hat says the following systems are affected: RHEL 6 and 7, RHEL 7 for Real Time, RHEL 7 for ARM64 systems, RHEL 7 for IBM POWER systems, and RHEL Atomic Host.

In its blog post, Red Hat says:

"In a worst-case scenario, an attacker can stall an affected host or device with less than 2kpps [2,000 packets per second] of an attack traffic". "A result of the attack with four streams can look like a complete saturation of four CPU cores and delays in a network packets processing."

To address this vulnerability, Linux kernel developers have already released a patch. At the moment, no mitigation is known other than running a fixed kernel. No proof-of-concept of the attack is available either.
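Until a fixed kernel is installed, a host can at least be watched for the symptom described above. The following is an added example, not code from Red Hat or the kernel project: it parses the `TcpExt` block of `/proc/net/netstat` and flags a rapid rise in the kernel's receive-queue pruning and collapse counters between two snapshots. The alert threshold and the sample snapshots are assumptions constructed for illustration.

```python
# TcpExt counters the kernel exports for receive-queue pruning and collapsing.
WATCHED = ("PruneCalled", "OfoPruned", "TCPRcvCollapsed")
THRESHOLD_PER_SEC = 500.0  # assumption: tune against each host's own baseline

# Constructed sample snapshots (not captured from a real host), 5 s apart.
SAMPLE_T0 = ("TcpExt: SyncookiesSent PruneCalled OfoPruned TCPRcvCollapsed\n"
             "TcpExt: 0 10 4 120\n"
             "IpExt: InNoRoutes InOctets\nIpExt: 0 98765\n")
SAMPLE_T1 = SAMPLE_T0.replace("0 10 4 120", "0 9010 6004 45120")


def parse_netstat(text, prefix="TcpExt:"):
    """Return {counter: value} from the header/value line pair for `prefix`."""
    names = None
    for line in text.splitlines():
        if not line.startswith(prefix):
            continue
        fields = line.split()[1:]
        if names is None:
            names = fields  # first matching line holds the counter names
        elif len(fields) != len(names):
            raise ValueError("header/value length mismatch")
        else:
            return dict(zip(names, map(int, fields)))
    raise ValueError(f"no {prefix} block found")


def rates(before, after, seconds):
    """Per-second increase of each watched counter between two snapshots."""
    if seconds <= 0:
        raise ValueError("interval must be positive")
    out = {}
    for name in set(WATCHED) & before.keys() & after.keys():
        delta = after[name] - before[name]
        if delta >= 0:  # a negative delta means the counter was reset; skip it
            out[name] = delta / seconds
    return out


def alerts(rate_map, threshold=THRESHOLD_PER_SEC):
    """Names of watched counters rising at or above the threshold."""
    return sorted(n for n, r in rate_map.items() if r >= threshold)


if __name__ == "__main__":
    # On a live host, read /proc/net/netstat twice, 5 seconds apart, instead.
    t0, t1 = parse_netstat(SAMPLE_T0), parse_netstat(SAMPLE_T1)
    print(alerts(rates(t0, t1, 5)) or "no pruning spike")
```

A spike in these counters alongside saturated CPU cores is a reason to check which TCP peers are involved; it is not proof of an attack, since memory pressure on a busy receiver also triggers pruning.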