SegmentSmack and FragmentSmack

SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391) potentially exploitable to trigger a DoS condition.

These vulnerabilities reside in the Linux kernel’s TCP stack. An attacker can exploit them by sending malformed TCP or IP packets to cause the cause a significant resource usage in Linux-based systems.

The saturation of resources on the vulnerable system could lead to their reboot.

Vulnerable devices:

- Linux kernel 4.9 and later are vulnerable to SegmentSmack Linux devices running Linux kernel 3.9 and later are vulnerable to FragmentSmack.

“Vendors of Linux-based SOHO routers will probably be slower in incorporating these updates. ISP-grade routers, firewall providers, cloud services, and hosting firms will also have to ship or deploy updates.”