CVE-2018-5390 Information about SegmentSmack findings
Palo Alto Networks is aware of recent vulnerability disclousre, known as SegmentSmack, that affects Linux kernel 4.9 and later. At this time, our findings show that Palo Alto Networks PAN-OS devices are not vulnerable to this disclosure (CVE-2018-5390).
PAN-OS/Panorama platforms are not impacted by this vulnerability.
CVSSv3.1 Base Score:0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
CWE-20 Improper Input Validation
Workarounds and Mitigations
Our NGFW users can use the configuration option bypass-exceed-oo-queue with value no which will provide protection from CVE-2018-5390 for devices positioned behind the firewall. For more information on configuration, please refer to the Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions document: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/threat-prevention/best-practices-for-securing-your-network-from-layer-4-and-layer-7-evasions .