Number: AV18-125
Date: 07 August 2018
Purpose
The purpose of this advisory is to bring attention to a Linux and FreeBSD kernel TCP vulnerability .
Assessment
Vulnerability in the implementation of the TCP protocol has been discovered in the kernel of Linux and FreeBSD that may lead to system resource exhaustion. A remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.
Affected Versions:
- Linux kernel versions 4.9 and greater
- All supported versions of FreeBSD
CVE References: CVE-2018-5390, CVE-2018-6922
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References: