Number: AV18-125
Date: 07 August 2018
Purpose
The purpose of this advisory is to bring attention to a Linux and FreeBSD kernel TCP vulnerability.
Assessment
Vulnerability in the implementation of the TCP protocol has been discovered in the kernel of Linux and FreeBSD that may lead to system resource exhaustion. A remote attacker may be able to trigger a denial-of-service condition against a system with an available open port.
Affected Versions:
- Linux kernel versions 4.9 and greater
- All supported versions of FreeBSD
CVE References: CVE-2018-5390, CVE-2018-6922
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References: