Linux Kernel Version 4.9+ Vulnerability

Posted: 10 August 2018

A security vulnerability has been identified in Linux kernel versions 4.9 and above, that could result in Denial of Service conditions with low rates of specially modified packets.
 

How does this affect my organisation?

AC3-secured installations are not on vulnerable kernel versions and are not susceptible to this vulnerability as enterprise distributions have not yet started shipping the vulnerable versions.
 

Threat rating and recommendation

Based on information available at the time of this notice, we have classified this threat as Advice and no remediation actions are required. AC3 continues monitoring this vulnerability and Linux vendors.

Key:
Advice—no urgent remediation action required
Warning—watch and act
Action required—urgent remediation action required

No further communications are planned for this vulnerability.
 

More information

More information about this security vulnerability is available at the links below.
https://www.kb.cert.org/vuls/id/962459  
https://cwe.mitre.org/data/definitions/400.html