Synology-SA-18:44 Linux kernel
Publish Time: 2018-08-15 13:17:16 UTC+8
Last Updated: 2021-04-14 08:43:39 UTC+8
CVE-2018-5391, also known as the FragmentSmack attack, allows remote attackers to conduct denial-of-service attacks via a susceptible version of Synology DiskStation Manager (DSM), SkyNAS or VS960HD.
SRM 1.1 is not affected as CVE-2018-5391 only affects Linux kernel 3.9 or above.
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 6.2 | Important | Upgrade to 6.2.1-23824-1 or above. |
| DSM 6.1 | Important | Upgrade to 6.2.1-23824-1 or above. |
| DSM 5.2 | Important | Upgrade to 6.2.1-23824-1 or above. |
| SkyNAS | Important | Will not fix. |
| VS960HD | Important | Will not fix. |
| SRM 1.1 | Not affected | N/A |
If you need immediate assistance, please contact Synology technical support via https://account.synology.com/en-global/support.
- Severity: Important
- CVSS3 Base Score: 7.5
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
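The two conditions named above (kernel 3.9 or later, and the enlarged fragment reassembly queue) can be checked on a Linux host with the following added example, which is not Synology's code. The function names and sample version strings are hypothetical, and the 262144-byte figure is the pre-3.9 default of `net.ipv4.ipfrag_high_thresh` taken from upstream kernel history, not from this advisory.

```shell
#!/bin/sh
# Added example (not Synology's code): report the two conditions the advisory
# names for CVE-2018-5391 on a Linux host.

# Assumption from upstream kernel history, not from the advisory: before 3.9
# the default net.ipv4.ipfrag_high_thresh was 262144 bytes (256 KiB).
OLD_DEFAULT_HIGH_THRESH=262144

# Return 0 if a `uname -r` style string is kernel 3.9 or above, 1 if below,
# 2 if the string cannot be parsed.
kernel_in_range() {
    ver=${1%%[!0-9.]*}                 # drop suffixes such as "+" or "-rc1"
    case "$ver" in *.*) ;; *) ver="$ver.0" ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major.$minor" in .*|*.) return 2 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 9 ]; }
}

# Print a verdict for a kernel release string ($1) and a high_thresh value ($2).
fragsmack_assess() {
    rc=0
    kernel_in_range "$1" || rc=$?
    case "$rc" in
        1) echo "kernel-below-3.9"; return 0 ;;
        2) echo "unparsed-kernel-version"; return 0 ;;
    esac
    case "$2" in ''|*[!0-9]*) echo "unparsed-threshold"; return 0 ;; esac
    if [ "$2" -gt "$OLD_DEFAULT_HIGH_THRESH" ]; then
        echo "large-reassembly-queue"     # the enlarged queue the advisory refers to
    else
        echo "reduced-reassembly-queue"   # at or below the pre-3.9 default
    fi
}

# Read both values from the running system.
check_local() {
    fragsmack_assess "$(uname -r)" \
        "$(cat /proc/sys/net/ipv4/ipfrag_high_thresh 2>/dev/null)"
}

if [ "${1:-}" = "--local" ]; then check_local; fi
```

The verdict describes kernel version and queue configuration only; it does not show whether a kernel carries the fix, so the release table above remains the reference for patched versions.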
| Revision | Date | Description |
|---|---|---|
| 1 | 2018-08-15 | Initial public release. |
| 2 | 2019-12-17 | Updates for DSM 6.2, DSM 6.1 and DSM 5.2 are now available in Affected Products. |
| 3 | 2021-04-14 | Disclosed vulnerability details. |