CVE-2018-5391 - 漏洞详情

CVE-2018-5391 (CNNVD-201808-570)

HIGH

中文标题:

Linux kernel 输入验证错误漏洞

英文标题:

The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

CVSS分数: 7.5

发布时间: 2018-09-06 21:00:00

漏洞类型: 输入验证错误

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 3.9+版本中存在输入验证错误漏洞。远程攻击者可通过发送特制的IP碎片利用该漏洞造成拒绝服务。

英文描述:

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.

CWE类型:

CWE-20 CWE-400

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Linux	Kernel	-	< 3.9*	-	`cpe:2.3:a:linux:kernel::::::::`
linux	linux_kernel	*	-	-	`cpe:2.3:o:linux:linux_kernel::::::::`
redhat	enterprise_linux_desktop	6.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*`
redhat	enterprise_linux_desktop	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*`
redhat	enterprise_linux_server	6.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*`
redhat	enterprise_linux_server	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*`
redhat	enterprise_linux_server_aus	6.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::*`
redhat	enterprise_linux_server_aus	6.5	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*`
redhat	enterprise_linux_server_aus	6.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*`
redhat	enterprise_linux_server_aus	7.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*`
redhat	enterprise_linux_server_aus	7.3	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*`
redhat	enterprise_linux_server_aus	7.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*`
redhat	enterprise_linux_server_eus	6.7	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:::::::*`
redhat	enterprise_linux_server_eus	7.3	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*`
redhat	enterprise_linux_server_eus	7.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*`
redhat	enterprise_linux_server_eus	7.5	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*`
redhat	enterprise_linux_server_tus	6.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:::::::*`
redhat	enterprise_linux_server_tus	7.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*`
redhat	enterprise_linux_server_tus	7.3	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*`
redhat	enterprise_linux_server_tus	7.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*`
redhat	enterprise_linux_workstation	6.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*`
redhat	enterprise_linux_workstation	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*`
debian	debian_linux	8.0	-	-	`cpe:2.3:o:debian:debian_linux:8.0:::::::*`
debian	debian_linux	9.0	-	-	`cpe:2.3:o:debian:debian_linux:9.0:::::::*`
canonical	ubuntu_linux	12.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::`
canonical	ubuntu_linux	14.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::`
canonical	ubuntu_linux	16.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::`
canonical	ubuntu_linux	18.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::`
microsoft	windows_10	-	-	-	`cpe:2.3:o:microsoft:windows_10:-:::::::*`
microsoft	windows_10	1607	-	-	`cpe:2.3:o:microsoft:windows_10:1607:::::::*`
microsoft	windows_10	1703	-	-	`cpe:2.3:o:microsoft:windows_10:1703:::::::*`
microsoft	windows_10	1709	-	-	`cpe:2.3:o:microsoft:windows_10:1709:::::::*`
microsoft	windows_10	1803	-	-	`cpe:2.3:o:microsoft:windows_10:1803:::::::*`
microsoft	windows_7	-	-	-	`cpe:2.3:o:microsoft:windows_7:-:sp1::::::`
microsoft	windows_8.1	-	-	-	`cpe:2.3:o:microsoft:windows_8.1:-:::::::*`
microsoft	windows_rt_8.1	-	-	-	`cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*`
microsoft	windows_server_2008	-	-	-	`cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::`
microsoft	windows_server_2008	r2	-	-	`cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*`
microsoft	windows_server_2012	-	-	-	`cpe:2.3:o:microsoft:windows_server_2012:-:::::::*`
microsoft	windows_server_2012	r2	-	-	`cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*`
microsoft	windows_server_2016	-	-	-	`cpe:2.3:o:microsoft:windows_server_2016:-:::::::*`
microsoft	windows_server_2016	1709	-	-	`cpe:2.3:o:microsoft:windows_server_2016:1709:::::::*`
microsoft	windows_server_2016	1803	-	-	`cpe:2.3:o:microsoft:windows_server_2016:1803:::::::*`
f5	big-ip_access_policy_manager	*	-	-	`cpe:2.3:a:f5:big-ip_access_policy_manager::::::::`
f5	big-ip_advanced_firewall_manager	*	-	-	`cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::`
f5	big-ip_analytics	*	-	-	`cpe:2.3:a:f5:big-ip_analytics::::::::`
f5	big-ip_application_acceleration_manager	*	-	-	`cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::`
f5	big-ip_application_security_manager	*	-	-	`cpe:2.3:a:f5:big-ip_application_security_manager::::::::`
f5	big-ip_domain_name_system	*	-	-	`cpe:2.3:a:f5:big-ip_domain_name_system::::::::`
f5	big-ip_edge_gateway	*	-	-	`cpe:2.3:a:f5:big-ip_edge_gateway::::::::`
f5	big-ip_fraud_protection_service	*	-	-	`cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::`
f5	big-ip_global_traffic_manager	*	-	-	`cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::`
f5	big-ip_link_controller	*	-	-	`cpe:2.3:a:f5:big-ip_link_controller::::::::`
f5	big-ip_local_traffic_manager	*	-	-	`cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::`
f5	big-ip_policy_enforcement_manager	*	-	-	`cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::`
f5	big-ip_webaccelerator	*	-	-	`cpe:2.3:a:f5:big-ip_webaccelerator::::::::`
siemens	ruggedcom_rm1224_firmware	*	-	-	`cpe:2.3:o:siemens:ruggedcom_rm1224_firmware::::::::`
siemens	ruggedcom_rox_ii_firmware	*	-	-	`cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware::::::::`
siemens	scalance_m-800_firmware	*	-	-	`cpe:2.3:o:siemens:scalance_m-800_firmware::::::::`
siemens	scalance_s615_firmware	*	-	-	`cpe:2.3:o:siemens:scalance_s615_firmware::::::::`
siemens	scalance_sc-600_firmware	*	-	-	`cpe:2.3:o:siemens:scalance_sc-600_firmware::::::::`
siemens	scalance_w1700_ieee_802.11ac_firmware	*	-	-	`cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware::::::::`
siemens	scalance_w700_ieee_802.11a\/b\/g\/n_firmware	*	-	-	`cpe:2.3:o:siemens:scalance_w700_ieee_802.11a\/b\/g\/n_firmware::::::::`
siemens	simatic_net_cp_1242-7_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_net_cp_1242-7_firmware::::::::`
siemens	simatic_net_cp_1243-1_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware::::::::`
siemens	simatic_net_cp_1243-7_lte_eu_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_net_cp_1243-7_lte_eu_firmware::::::::`
siemens	simatic_net_cp_1243-7_lte_us_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_net_cp_1243-7_lte_us_firmware::::::::`
siemens	simatic_net_cp_1243-8_irc_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware::::::::`
siemens	simatic_net_cp_1542sp-1_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_firmware::::::::`
siemens	simatic_net_cp_1542sp-1_irc_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware::::::::`
siemens	simatic_net_cp_1543-1_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware::::::::`
siemens	simatic_net_cp_1543sp-1_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware::::::::`
siemens	simatic_rf185c_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_rf185c_firmware::::::::`
siemens	simatic_rf186c_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_rf186c_firmware::::::::`
siemens	simatic_rf186ci_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_rf186ci_firmware::::::::`
siemens	simatic_rf188_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_rf188_firmware::::::::`
siemens	simatic_rf188ci_firmware	*	-	-	`cpe:2.3:o:siemens:simatic_rf188ci_firmware::::::::`
siemens	sinema_remote_connect_server_firmware	*	-	-	`cpe:2.3:o:siemens:sinema_remote_connect_server_firmware::::::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

RHSA-2018:3540 vendor-advisory
cve.org

访问

RHSA-2018:2785 vendor-advisory
cve.org

访问

RHSA-2018:3083 vendor-advisory
cve.org

访问

RHSA-2018:2925 vendor-advisory
cve.org

访问

VU#641765 third-party-advisory
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

USN-3741-2 vendor-advisory
cve.org

访问

1041476 vdb-entry
cve.org

访问

RHSA-2018:3459 vendor-advisory
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

RHSA-2018:2933 vendor-advisory
cve.org

访问

USN-3740-2 vendor-advisory
cve.org

访问

USN-3741-1 vendor-advisory
cve.org

访问

RHSA-2018:3590 vendor-advisory
cve.org

访问

RHSA-2018:2948 vendor-advisory
cve.org

访问

USN-3742-2 vendor-advisory
cve.org

访问

USN-3740-1 vendor-advisory
cve.org

访问

105108 vdb-entry
cve.org

访问

[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update mailing-list
cve.org

访问

USN-3742-1 vendor-advisory
cve.org

访问

RHSA-2018:2924 vendor-advisory
cve.org

访问

DSA-4272 vendor-advisory
cve.org

访问

RHSA-2018:3586 vendor-advisory
cve.org

访问

RHSA-2018:2846 vendor-advisory
cve.org

访问

1041637 vdb-entry
cve.org

访问

RHSA-2018:3096 vendor-advisory
cve.org

访问

RHSA-2018:2791 vendor-advisory
cve.org

访问

[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update mailing-list
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

[oss-security] 20190628 Re: linux-distros membership application - Microsoft mailing-list
cve.org

访问

[oss-security] 20190706 Re: linux-distros membership application - Microsoft mailing-list
cve.org

访问

[oss-security] 20190706 Re: linux-distros membership application - Microsoft mailing-list
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

CVSS评分详情

7.5

HIGH

CVSS向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS版本: 3.1

机密性

NONE

完整性

NONE

可用性

HIGH

时间信息

发布时间:

2018-09-06 21:00:00

修改时间:

2024-08-05 05:33:44

创建时间:

2025-11-11 15:35:19

更新时间:

2025-11-11 15:53:53

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2018-5391`	2025-11-11 15:19:52	2025-11-11 07:35:19
NVD	`nvd_CVE-2018-5391`	2025-11-11 14:55:58	2025-11-11 07:43:53
CNNVD	`cnnvd_CNNVD-201808-570`	2025-11-11 15:10:04	2025-11-11 07:53:53

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:53:53

vulnerability_type: 未提取 → 输入验证错误; cnnvd_id: 未提取 → CNNVD-201808-570; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 输入验证错误
cnnvd_id: 未提取 -> CNNVD-201808-570
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:43:53

severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 7.5; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 1 → 78; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
cvss_score: 未提取 -> 7.5
cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss_version: NOT_EXTRACTED -> 3.1
affected_products_count: 1 -> 78
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2018-5391 (CNNVD-201808-570)

中文标题:

Linux kernel 输入验证错误漏洞

英文标题:

The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史