Information about SegmentSmack findings (PAN-SA-2018-0013)

Last revised: 09/19/2018

Summary

Palo Alto Networks is aware of a recent vulnerability disclosure, known as SegmentSmack, that affects Linux kernel 4.9 and later. At this time, our findings show that Palo Alto Networks PAN-OS devices are not vulnerable to this disclosure (CVE-2018-5390).

Severity: Info

PAN-OS/Panorama platforms are not impacted by this vulnerability.

Products Affected

N/A

Available Updates

N/A

Workarounds and Mitigations

Our NGFW users can set the configuration option bypass-exceed-oo-queue to no, which will provide protection from CVE-2018-5390 for devices positioned behind the firewall. For more information on configuration, please refer to the Best Practices for Securing Your Network from Layer 4 and Layer 7 Evasions document: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/threat-prevention/best-practices-for-securing-your-network-from-layer-4-and-layer-7-evasions

Acknowledgements

N/A