{"id":"CVE-2018-5390","details":"Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.","modified":"2026-04-16T06:20:22.762097248Z","published":"2018-08-06T20:29:01.570Z","related":["SUSE-SU-2018:2222-1","SUSE-SU-2018:2223-1","SUSE-SU-2018:2328-1","SUSE-SU-2018:2344-1","SUSE-SU-2018:2344-2","SUSE-SU-2018:2374-1","SUSE-SU-2018:2472-1","SUSE-SU-2018:2474-1","SUSE-SU-2018:2596-1","SUSE-SU-2018:2787-1","SUSE-SU-2018:2860-1","SUSE-SU-2018:2864-1","SUSE-SU-2018:2960-1","SUSE-SU-2018:2961-1","SUSE-SU-2018:2962-1","SUSE-SU-2018:2963-1","SUSE-SU-2018:3029-1","SUSE-SU-2018:3172-1","SUSE-SU-2018:3265-1","SUSE-SU-2018:3328-1","SUSE-SU-2018:3470-1","SUSE-SU-2018:3789-1","SUSE-SU-2019:0955-1","SUSE-SU-2019:14127-1","SUSE-SU-2019:1425-1","SUSE-SU-2019:1767-1","SUSE-SU-2019:1870-1","SUSE-SU-2019:2230-1","SUSE-SU-2019:2601-1","SUSE-SU-2019:2821-1"],"references":[{"type":"WEB","url":"https://support.f5.com/csp/article/K95343321?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104976"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2384"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2645"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2789"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"},{"type":"ADVISORY","url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"},{"type":"ADVISORY","url":"https://support.f5.com/csp/article/K95343321"},{"type":"ADVISORY","url":"https://www.synology.com/support/security/Synology_SA_18_41"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/06/28/2"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2403"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2791"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2933"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3742-2/"},{"type":"ADVISORY","url":"https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"},{"type":"ADVISORY","url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/07/06/3"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3732-2/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041434"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4266"},{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/962459"},{"type":"ADVISORY","url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2402"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2790"},{"type":"ADVISORY","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3742-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3763-1/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/07/06/4"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041424"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2395"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2785"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2924"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3732-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3741-2/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2776"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2948"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180815-0003/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3741-1/"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4"}]},{"events":[{"introduced":"0"},{"last_affected":"6.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"4.9"},{"fixed":"4.18"}]},{"events":[{"introduced":"0"},{"last_affected":"4.18-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"4.18-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.18-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"4.18-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.18-rc5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.18-rc6"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"fixed":"8.2.7.1"}]},{"events":[{"introduced":"6.6.0"},{"last_affected":"6.6.9"}]},{"events":[{"introduced":"6.7.0"},{"last_affected":"6.7.5"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1."},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.0.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"11.5.1"},{"last_affected":"11.6.3"}]},{"events":[{"introduced":"12.1.0"},{"last_affected":"12.1.3"}]},{"events":[{"introduced":"13.0.0"},{"last_affected":"13.1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"5.0.0"},{"last_affected":"5.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2.2-p5"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1.0-p11"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1.1-p8"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1.2"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1.2-p4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1.4"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1.4-p1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.2"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.10"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.10.1"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.10.2"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.10.3"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.10.4"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.11"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1(1a)"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.10"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.10.1"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.10.2"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.10.3"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.10.4"}]},{"events":[{"introduced":"0"},{"last_affected":"x8.11"}]},{"events":[{"introduced":"0"},{"last_affected":"xc4.3"}]},{"events":[{"introduced":"0"},{"last_affected":"xc4.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"xc4.3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"xc4.3.3"}]},{"events":[{"introduced":"0"},{"last_affected":"xc4.3.4"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5390.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}