Palo Alto Networks Security Advisories / CVE-2018-5390

CVE-2018-5390 Information about SegmentSmack findings

047910
Severity 0 · NONE
Attack Vector Not applicable
Scope Not applicable
Attack Complexity Not applicable
Confidentiality Impact NONE
Privileges Required Not applicable
Integrity Impact NONE
User Interaction Not applicable
Availability Impact NONE

Description

Palo Alto Networks is aware of recent vulnerability disclousre, known as SegmentSmack, that affects Linux kernel 4.9 and later. At this time, our findings show that Palo Alto Networks PAN-OS devices are not vulnerable to this disclosure (CVE-2018-5390).

PAN-OS/Panorama platforms are not impacted by this vulnerability.

Product Status

VersionsAffectedUnaffected
PAN-OS Noneall

Severity:NONE

CVSSv3.1 Base Score:0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)

Weakness Type

CWE-20 Improper Input Validation

Solution

N/A

Workarounds and Mitigations

Our NGFW users can use the configuration option bypass-exceed-oo-queue with value no which will provide protection from CVE-2018-5390 for devices positioned behind the firewall. For more information on configuration, please refer to the Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions document: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/threat-prevention/best-practices-for-securing-your-network-from-layer-4-and-layer-7-evasions .

© 2022 Palo Alto Networks, Inc. All rights reserved.