The Linux kernel has been hit with a TCP flaw that was recently discovered by security researcher Juha-Matti Tilli. Assigned CVE-2018-5390, this flaw could be exploited by malicious actors to trigger a resource exhaustion attack using an available open port. The flaw, named SegmentSmack by Red Hat, affects Linux kernel versions 4.9 and above.
An attacker could trigger expensive calls by sending specially modified packets, which can in turn lead to denial of service. This could happen through CPU saturation, especially on a system with a small incoming network bandwidth.
The attacker can take down the host with less than 2 kpps (kilo packets per second) of traffic. “A result of the attack with 4 streams can look like a complete saturation of 4 CPU cores and delays in a network packets processing,” as per Red Hat.
However, it’s worth noting that the attack can’t be performed using spoofed IP addresses, because the DoS needs a two-way TCP session to an accessible open port.
To address this vulnerability, Linux kernel developers have already released a patch. At the moment, no mitigation is known other than running a fixed kernel. No proof-of-concept for the attack is available either.
Source: https://fossbytes.com/segmentsmack-tcp-flaw-linux-kernel-remote-denial-of-service/
Submitted by: Arnfried Walbrecht