{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Information about FragmentSmack findings"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2018-5391","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-03-11T22:32:03.456Z","generator":{"date":"2026-03-11T22:32:03.456Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2018-5391","initial_release_date":"2018-09-19T20:40:00.000Z","revision_history":[{"number":"1","date":"2026-03-11T15:32:03.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[]}]},"vulnerabilities":[{"cve":"CVE-2018-5391","product_status":{"fixed":["PANW-PAN-OS-382","PANW-PAN-OS-383","PANW-PAN-OS-384","PANW-PAN-OS-379"],"known_affected":["PANW-PAN-OS-381","PANW-PAN-OS-362","PANW-PAN-OS-364","PANW-PAN-OS-380"]},"notes":[{"category":"description","text":"Palo Alto Networks is aware of recent vulnerability disclosure, known as FragmentSmack, that affects Linux kernel 3.9 and later. At this time, our findings show that some Palo Alto Networks devices running specific versions of PAN-OS are vulnerable to this disclosure. (CVE-2018-5391). This security advisory will be updated as more information becomes available or if there are changes in the impact of these vulnerabilities.\nA flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. To exploit this vulnerability a remote attacker could send specially crafted packets that trigger time and calculation expensive fragment reassembly algorithms and cause CPU saturation (a denial of service on the system).  This only affects the Management Plane of PAN-OS.\nThis issue affects PAN-OS 6.1.21 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050.     PAN-OS 7.1.19 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050 and PA-7080.     PAN-OS 8.0.12 and earlier running on PA-200, PA-220, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-7050 and PA-7080.     PAN-OS 8.1.4 and earlier running on PA-200, PA-220, PA-220R, PA-500, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050 and PA-7080."}],"references":[{"category":"external","summary":"NVD - CVE-2018-5391","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5391"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2018-5391","url":"https://security.paloaltonetworks.com/CVE-2018-5391"}],"threats":[{"category":"impact","description":"Palo Alto Networks is aware of recent vulnerability disclosure, known as FragmentSmack, that affects Linux kernel 3.9 and later. At this time, our findings show that some Palo Alto Networks devices running specific versions of PAN-OS are vulnerable to this disclosure. (CVE-2018-5391). This security advisory will be updated as more information becomes available or if there are changes in the impact of these vulnerabilities.\nA flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. To exploit this vulnerability a remote attacker could send specially crafted packets that trigger time and calculation expensive fragment reassembly algorithms and cause CPU saturation (a denial of service on the system).  This only affects the Management Plane of PAN-OS.\nThis issue affects PAN-OS 6.1.21 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050.     PAN-OS 7.1.19 and earlier running on PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series, PA-7050 and PA-7080.     PAN-OS 8.0.12 and earlier running on PA-200, PA-220, PA-500, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-7050 and PA-7080.     PAN-OS 8.1.4 and earlier running on PA-200, PA-220, PA-220R, PA-500, PA-800 Series, PA-3000 Series, PA-3200 Series, PA-5000 Series, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050 and PA-7080."}],"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"products":["PANW-PAN-OS-381","PANW-PAN-OS-362","PANW-PAN-OS-364","PANW-PAN-OS-380"]}]}]}