​Linux kernel network TCP bug fixed

The denial of service bug had actually been patched in the Linux kernel weeks before news of it was ever announced.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Video: Smart cars loving Linux, competitors left in rear view

Another day, another bit of security hysteria. This time around the usually reliable Carnegie Mellon University's CERT/CC, claimed the Linux kernel's TCP network stack could be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)."

Also: These are 2018's biggest hacks, leaks, and data breaches

True, this bug, already given the trendy name SegmentSmack, could cause DoS attacks. But it's already been fixed. In fact, it was patched two weeks before the problem was announced. The fixed code is already in both the 4.9.116 and 4.17.11 Linux kernels.

True, some Linux distributors, such as Red Hat, haven't updated their operating systems yet with the new patch. But, it's only a matter of time. Other Linux companies, like SUSE, have patched their vulnerable Linux distributions.

Besides, to attack a system, you need continuous two-way TCP sessions to a reachable open port. It also can't be made using spoofed IP addresses. True, in a worst case scenario, an attacker can stall a targeted with less than 2 Kilobit per second of malicious traffic. Practically speaking, though, you're more likely successfully attack a server by going into the data center and pulling its power cord.

Also: Nintendo Switch turned into Linux tablet by hackers CNET

Like so many other Linux security vulnerabilities, this one was way overstated. Yes, it was important and it needed addressed. But, the Linux kernel developers, unlike some other operating system programmers I could name, pounce and fix security holes as soon as they're made aware of them.

Related stories:

Editorial standards