CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

CVSS3: 7.5 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

EPSS: 0.004 Low (Percentile: 74.2%)

Problem Description:
A mistake was made when VNET was introduced: the global
limit on the number of segments that could belong to
reassembly queues was converted into a per-VNET limit.
Because mbufs are allocated from a global pool, in the
presence of a sufficient number of VNETs, the total number
of mbufs attached to reassembly queues can grow to the total
number of mbufs in the system, at which point all network
traffic would cease.
Impact:
An attacker who can establish concurrent TCP connections
across a sufficient number of VNETs and manipulate the
inbound packet streams such that the maximum number of mbufs
are enqueued on each reassembly queue can cause mbuf cluster
exhaustion on the target system, resulting in a Denial of
Service condition.
As the default per-VNET limit on the number of segments
that can belong to reassembly queues is 1/16 of the total
number of mbuf clusters in the system, only systems that
have 16 or more VNET instances are vulnerable.
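
The accounting described above, as an added model that is not FreeBSD kernel code and is not taken from the advisory: it compares the cluster headroom left when the reassembly cap is counted system-wide with the headroom left when it is counted per VNET. The pool size, the one-cluster-per-segment simplification and all names are assumptions made for the illustration.

```c
#include <stdio.h>

/* Constructed model, not FreeBSD kernel code: one shared mbuf-cluster pool
 * and a reassembly-segment cap of pool/16, as the advisory describes.
 * Assumption: every queued segment occupies exactly one cluster. */
#define POOL_CLUSTERS 1024                 /* constructed pool size */
#define REASS_LIMIT   (POOL_CLUSTERS / 16) /* default cap: 1/16 of the pool */
#define MAX_VNETS     64

enum limit_scope { LIMIT_GLOBAL, LIMIT_PER_VNET };

/* Fill every VNET's reassembly queues until the cap or the pool stops
 * further enqueues; return clusters left for all other network traffic. */
int clusters_left(int nvnets, enum limit_scope scope)
{
    int queued[MAX_VNETS] = {0};   /* per-VNET segment counters */
    int queued_total = 0;          /* system-wide segment counter */
    int pool_free = POOL_CLUSTERS; /* the pool is shared by all VNETs */
    int progress = 1;

    if (nvnets > MAX_VNETS)
        nvnets = MAX_VNETS;
    while (progress) {
        progress = 0;
        for (int v = 0; v < nvnets; v++) {
            /* The whole difference: which counter the cap is checked against. */
            int counter = (scope == LIMIT_PER_VNET) ? queued[v] : queued_total;
            if (counter >= REASS_LIMIT || pool_free == 0)
                continue;          /* segment is dropped, nothing allocated */
            queued[v]++;
            queued_total++;
            pool_free--;
            progress = 1;
        }
    }
    return pool_free;
}

int main(void)
{
    for (int n = 1; n <= 32; n *= 2)
        printf("vnets=%2d  global cap: %4d free   per-VNET cap: %4d free\n",
               n, clusters_left(n, LIMIT_GLOBAL), clusters_left(n, LIMIT_PER_VNET));
    return 0;
}
```

With the cap counted per VNET, headroom shrinks by 1/16 of the pool for each VNET and reaches zero at 16 instances, which is the threshold the advisory gives.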
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | freebsd-kernel | = 10.1 | UNKNOWN |
FreeBSD | any | noarch | freebsd-kernel | < 10.1_16 | UNKNOWN |