{"id":"CVE-2018-5391","details":"The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.","modified":"2026-03-12T22:52:58.180558Z","published":"2018-09-06T21:29:00.363Z","related":["MGASA-2018-0391","MGASA-2018-0418","MGASA-2018-0419","SUSE-SU-2018:2344-1","SUSE-SU-2018:2344-2","SUSE-SU-2018:2374-1","SUSE-SU-2018:2380-1","SUSE-SU-2018:2381-1","SUSE-SU-2018:2450-1","SUSE-SU-2018:2596-1","SUSE-SU-2018:3787-1","SUSE-SU-2018:3792-1","SUSE-SU-2018:3860-1","SUSE-SU-2018:3865-1","SUSE-SU-2018:3880-1","SUSE-SU-2018:3881-1","SUSE-SU-2019:0541-1","SUSE-SU-2019:0645-1","SUSE-SU-2019:0672-1","SUSE-SU-2019:1289-1"],"references":[{"type":"WEB","url":"https://support.f5.com/csp/article/K74374841?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3096"},{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/641765"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3590"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/07/06/4"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3083"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3459"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3742-1/"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041476"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2948"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20181003-0002/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3742-2/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/07/06/3"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041637"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3740-1/"},{"type":"ADVISORY","url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2791"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2846"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2924"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2925"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3741-2/"},{"type":"ADVISORY","url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105108"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3540"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3586"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3740-2/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3741-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4272"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2933"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/06/28/2"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2785"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.9"},{"last_affected":"4.18"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"1607"}]},{"events":[{"introduced":"0"},{"last_affected":"1703"}]},{"events":[{"introduced":"0"},{"last_affected":"1709"}]},{"events":[{"introduced":"0"},{"last_affected":"1803"}]},{"events":[{"introduced":"0"},{"last_affected":"r2-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"r2-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"r2"}]},{"events":[{"introduced":"0"},{"last_affected":"1709"}]},{"events":[{"introduced":"0"},{"last_affected":"1803"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"11.5.1"},{"fixed":"11.6.5.1"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.3"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.2.4"}]},{"events":[{"introduced":"0"},{"fixed":"6.1"}]},{"events":[{"introduced":"0"},{"fixed":"2.13.3"}]},{"events":[{"introduced":"0"},{"fixed":"6.1"}]},{"events":[{"introduced":"0"},{"fixed":"6.1"}]},{"events":[{"introduced":"0"},{"fixed":"2.0"}]},{"events":[{"introduced":"0"},{"fixed":"2.0"}]},{"events":[{"introduced":"0"},{"fixed":"6.4"}]},{"events":[{"introduced":"0"},{"fixed":"3.2"}]},{"events":[{"introduced":"0"},{"fixed":"3.2"}]},{"events":[{"introduced":"0"},{"fixed":"3.2"}]},{"events":[{"introduced":"0"},{"fixed":"3.2"}]},{"events":[{"introduced":"0"},{"fixed":"3.2"}]},{"events":[{"introduced":"0"},{"fixed":"2.1"}]},{"events":[{"introduced":"0"},{"fixed":"2.1"}]},{"events":[{"introduced":"0"},{"fixed":"2.2"}]},{"events":[{"introduced":"0"},{"fixed":"2.1"}]},{"events":[{"introduced":"0"},{"fixed":"1.3"}]},{"events":[{"introduced":"0"},{"fixed":"1.3"}]},{"events":[{"introduced":"0"},{"fixed":"1.3"}]},{"events":[{"introduced":"0"},{"fixed":"1.3"}]},{"events":[{"introduced":"0"},{"fixed":"1.3"}]},{"events":[{"introduced":"1.1"},{"fixed":"2.0.1"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5391.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}