To exploit this issue, an attacker can send a connection request with a spoofed source address to the target system. Since the socket address is validated before being accepted, the connection is accepted by the system with the attacker’s address instead of the spoofed address. This issue can be exploited very easily by sending an ICMP echo request from an unexpected source to the target system. It is worth mentioning that the ICMP echo request is sent to the target system with the “Don’t Fragment” flag enabled. This results in the packet being validated before being accepted. As a result, the connection request sent by the attacker is accepted by the system with the attacker’s address instead of the spoofed address. In the default configuration, most Linux distributions do not set the “Don’t Fragment” flag when sending ICMP echo requests. This issue can be easily exploited to cause a denial of service.

CVE-2018-14618 has been assigned to this vulnerability. A list of affected Linux distributions can be found here. This issue has been fixed in the kernel versions 4.17.0, 5.0.0, and 5.0.1. Users can update their systems to the latest stable version by installing updates.


Linux Kernel 4.17.0

The Linux kernel 4.17.0 is vulnerable to a denial of service attack when the 'IOUSBFamily' module is loaded. This issue has been fixed in the kernel versions 4.17.0, 5.0.0, and 5.0.1. Users can update their systems to the latest stable version by installing updates.

Reference: URL

Timeline

Published on: 04/02/2022 21:15:00 UTC
Last modified on: 07/04/2022 11:15:00 UTC

References