Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HA10networks Advanced Core Operating System
OSA10Networks3.2.24.1.04.1.14.1.24.1.4Canonical Ubuntu
OSCanonical12.0414.0416.0418.04Cisco Collaboration Meeting Rooms
APPCisco1.0Cisco Digital Network Architecture Center
APPCisco1.2Cisco Expressway
APPCiscox8.10x8.10.1x8.10.2x8.10.3x8.10.4x8.11Cisco Expressway Series
APPCiscowszystkie wersjeCisco Meeting Management
APPCisco1.0Debian
OSDebian8.09.0F5 Big Ip Access Policy Manager
APPF514.0.011.5.1 – 11.6.312.1.0 – 12.1.313.0.0 – 13.1.1F5 Big Ip Advanced Firewall Manager
APPF514.0.013.0.0 – 13.1.111.5.1 – 11.6.312.1.0 – 12.1.3F5 Big Ip Analytics
APPF514.0.011.5.1 – 11.6.313.0.0 – 13.1.112.1.0 – 12.1.3F5 Big Ip Application Acceleration Manager
APPF514.0.013.0.0 – 13.1.111.5.1 – 11.6.312.1.0 – 12.1.3F5 Big Ip Application Security Manager
APPF514.0.011.5.1 – 11.6.313.0.0 – 13.1.112.1.0 – 12.1.3F5 Big Ip Domain Name System
APPF514.0.013.0.0 – 13.1.111.5.1 – 11.6.312.1.0 – 12.1.3F5 Big Ip Edge Gateway
APPF514.0.011.5.1. – 11.6.312.1.0 – 12.1.313.0.0 – 13.1.1F5 Big Ip Fraud Protection Service
APPF514.0.013.0.0 – 13.1.111.5.1 – 11.6.312.1.0 – 12.1.3F5 Big Ip Global Traffic Manager
APPF514.0.011.5.1 – 11.6.312.1.0 – 12.1.313.0.0 – 13.1.1F5 Big Ip Link Controller
APPF514.0.011.5.1 – 11.6.312.1.0 – 12.1.313.0.0 – 13.1.1F5 Big Ip Local Traffic Manager
APPF514.0.0≤ 13.1.111.5.1 – 11.6.312.0.0 – 12.1.3F5 Big Ip Policy Enforcement Manager
APPF514.0.011.5.1 – 11.6.313.0.0 – 13.1.112.1.0 – 12.1.3F5 Big Ip Webaccelerator
APPF514.0.011.5.1 – 11.6.313.0.0 – 13.1.112.1.0 – 12.1.3F5 Traffix Systems Signaling Delivery Controller
APPF54.4.05.0.0 – 5.1.0HP Aruba Airwave Amp
APPHp< 8.2.7.1HP Aruba Clearpass Policy Manager
APPHp6.7.0 – 6.7.56.6.0 – 6.6.9Linux Kernel
OSLinux4.184.9 – 4.18 (bez)Red Hat Enterprise Linux Desktop
OSRedhat7.0Red Hat Enterprise Linux Server
OSRedhat7.0Red Hat Enterprise Linux Server Aus
OSRedhat6.46.56.67.27.37.4Red Hat Enterprise Linux Server Eus
OSRedhat6.46.77.27.37.47.5Red Hat Enterprise Linux Server Tus
OSRedhat6.67.27.37.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
Referencje
Powiązane podatności
CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
CVE-2025-53521CRITICAL9.3⚠ KEVPL ✓ten sam produkt
RCE w F5 BIG-IP APM poprzez złośliwy ruch sieciowy (stack buffer overflow)
CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)