Security researchers are warning Linux system users of a bug in the Linux kernel version 4.9 and up that could be used to hit systems with a denial-of-service attack on networking kit.
The warning comes from Carnegie Mellon University’s CERT/CC, which notes that newer versions of the Linux kernel can be “forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)”.
It lists a number of network-equipment vendors, PC and server manufacturers, mobile vendors, and operating-system makers that may be affected but notes that it hasn’t confirmed whether any of them actually are.
But, given the widespread use of Linux, the bug could affect every vendor from Amazon and Apple through to Ubuntu and ZyXEL.
A remote attacker could cause a DoS by sending specially modified packets within ongoing TCP sessions. But sustaining the DoS condition would mean an attacker needs to have continuous two-way TCP sessions to a reachable and open port.
SEE: 20 quick tips to make Linux networking easier (free PDF)
Because of this requirement, the attacks can’t be performed with spoofed IP addresses, notes CERT/CC’s Trent Novelly.
The bug, which has the identifier CVE-2018-5390, has been dubbed ‘SegmentSmack’ by Red Hat.
The “expensive” TCP calls cause the CPU to become saturated on the affected system, in turn creating the DoS condition. An attacker could do this “with a relatively small bandwidth of the incoming network traffic”, notes enterprise Linux distribution maker, Red Hat.
“In a worst-case scenario, an attacker can stall an affected host or device with less than 2kpps [2,000 packets per second] of an attack traffic,” explains the software company.
“A result of the attack with four streams can look like a complete saturation of four CPU cores and delays in a network packets processing,” it adds in its advisory.
It has confirmed that Red Hat systems affected include those running RHEL 6 and 7, RHEL 7 for Real Time, RHEL 7 for ARM64 systems, RHEL 7 for IBM POWER systems, and RHEL Atomic Host.
Unfortunately for admins there’s “no effective workaround/mitigation besides a fixed kernel is known at this time”, according to Red Hat.
The bug was found by Juha-Matti Tilli of a Nokia Bell Labs supported networking department from Finland’s Aalto University, where Finnish-born Linux kernel founder Linus Torvalds famously gave his own version of a SegmentSmack to Nvidia for not supporting Linux with its Optimus technology.Previous and related coverage
Windows apps made on Linux hit by security fail
That Windows app you made on a Linux system actually isn’t as protected from attacks as you thought.
Microsoft Windows, Apple macOS, Linux, BSD: All hit by same ‘serious’ security flaw
OS and hypervisor makers patch flaw that attackers could use to crash systems or read data from memory.
Windows 10: Microsoft to boost Linux app security with Windows Defender firewall
Microsoft preps new Windows 10 security features to ensure system integrity during start-up and after it’s running
Serious Linux kernel security bug fixed
Linux server administrators will want to patch their systems as soon as possible.
Enterprise IT shouldn’t blame open source for their own poor security practices TechRepublic
Open source vulnerabilities will often get disclosed earlier than those in managed software, but it’s up to IT to apply the patches.