Best Cyber Security

Critical Linux Kernel SegmentSmack Issue

A new vulnerability has been revealed to cause harm in Linux enabled systems.

This can effect multiple systems and devices from Routers, Servers, Workstations, IoT, Tablets, Smart phones.

The new vulnerability can be identified as: CVE Identifiers: CVE-2018-5390 

It is affecting multiple popular Linux distributions.

More information available at CERT n, please see

The vulnerability was discovered by Juha-Matti Tilli from Aalto University, Department of Communications & Networking.

Credit also goes to Nokia Bell Labs for reporting this vulnerability.

The kernel vulnerability TCP flaw can let a blackhat attacker to freeze devices with a small DoS Denial of Service attack.

The vulnerability is named SegmentSmack and gives remote blackhat attackers the possibility to knock out a system with just sending minimal amount of traffic to the target.

Linux users are being warned that the vulnerability bug persist in Linux kernel 4.9 and newer and can be exploited to cause DoS Denial of Service conditions.

SegmentSmack Linux Kernel Vulnerability

It is unknown if the vulnerability is already being exploited in the wild.

The vulnerability is that the Linux Kernel is tricked and must make very expensive connections to tcp_collapse_ofo_queue() & tcp_prune_ofo_queue() in all incoming tcp packets.

This can easily result in a Denial of Service DoS attack.

Linux centralization shows single point of vulnerability

It is still unconfirmed how many vendors are vulnerable in practical devices.

Due the centralization and wide deployment of the Linux kernel. This can show the weakness of the Linux point of view.

Large vendors vulnerable Including Amazon to Ubuntu

That one simple vulnerability can effect high amount of units from Amazon to Apple through Zyxel, Rdhat, Ubuntu.

The attacks works by remote attackers sending a specially modified packet within the started TCP sessions.

For the attacker to be successful the attacker needs to have ongoing  two way TCP sessions to a reached and open TCP port.

The heavy expensive TCP calls cause the target CPU to become overloaded on the affected system.

This causes the Denial of Service DoS condition.

Small bandwidth cause Linux Kernel DoS

The attacker can cause this situation with small bandwidth.

In worst case an attacker can crash a target with just 2kpps [2,000 packets per second].

Most vendors have already released patches that includes a newer Linux kernel upgrade.

Linux founder Linus Torvalds earlier deployed his own version of SegmentSmack to Nvidia for not supporting Linux in the Optimus technology.

Now this might be karma going around.

The Protector UTM Firewall already have IPS signatures to block this attacker across a network with vulnerable devices.