CVE-2019-11477 - Vulnerability Details

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
F5	Big-ip Access Policy Manager Big-ip Advanced Firewall Manager Big-ip Analytics Big-ip Application Acceleration Manager Big-ip Application Security Manager Big-ip Domain Name System Big-ip Edge Gateway Big-ip Fraud Protection Service Big-ip Global Traffic Manager Big-ip Link Controller Big-ip Local Traffic Manager Big-ip Policy Enforcement Manager Big-ip Webaccelerator Traffix Signaling Delivery Controller
Ivanti	Connect Secure
Linux	Linux Kernel
Pulsesecure	Pulse Policy Secure Pulse Secure Virtual Application Delivery Controller
Redhat	Enterprise Linux Enterprise Linux Atomic Host Enterprise Linux Aus Enterprise Linux Eus Enterprise Mrg Rhel Aus Rhel E4s Rhel Eus Rhel Extras Rt Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

OR	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller:15.0.0:::::::*

Configuration 6 [-]

OR	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:::::::*

Configuration 7 [-]

OR	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:::::::*

Configuration 8 [-]

OR	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:::::::*

Configuration 9 [-]

OR	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:::::::*

Configuration 10 [-]

OR	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:::::::*

Configuration 11 [-]

OR	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:::::::*

Configuration 12 [-]

OR	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics:15.0.0:::::::*

Configuration 13 [-]

OR	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:::::::*

Configuration 14 [-]

OR	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:::::::*

Configuration 15 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

Configuration 16 [-]

OR	cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_mrg:2.0:::::::*

Configuration 17 [-]

OR	cpe:2.3:a:ivanti:connect_secure:-:::::::*
	cpe:2.3:a:pulsesecure:pulse_policy_secure:-:::::::*
	cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:::::::*

Configuration 18 [-]

cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-754.15.3.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:1488	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
kernel-0:2.6.32-431.95.3.el6	cpe:/o:redhat:rhel_aus:6.5	RHSA-2019:1490	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 6.6 Advanced Update Support
kernel-0:2.6.32-504.79.3.el6	cpe:/o:redhat:rhel_aus:6.6	RHSA-2019:1489	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-957.21.3.rt56.935.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2019:1486	2019-06-17T00:00:00Z
kernel-0:3.10.0-957.21.3.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1481	2019-06-17T00:00:00Z
kernel-alt-0:4.14.0-115.8.2.el7a	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:1602	2019-06-25T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
kernel-0:3.10.0-327.79.2.el7	cpe:/o:redhat:rhel_aus:7.2	RHSA-2019:1485	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.2 Telco Extended Update Support
kernel-0:3.10.0-327.79.2.el7	cpe:/o:redhat:rhel_tus:7.2	RHSA-2019:1485	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
kernel-0:3.10.0-327.79.2.el7	cpe:/o:redhat:rhel_e4s:7.2	RHSA-2019:1485	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
kernel-0:3.10.0-514.66.2.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2019:1484	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
kernel-0:3.10.0-514.66.2.el7	cpe:/o:redhat:rhel_tus:7.3	RHSA-2019:1484	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
kernel-0:3.10.0-514.66.2.el7	cpe:/o:redhat:rhel_e4s:7.3	RHSA-2019:1484	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.4 Extended Update Support
kernel-0:3.10.0-693.50.3.el7	cpe:/o:redhat:rhel_eus:7.4	RHSA-2019:1483	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.5 Extended Update Support
kernel-0:3.10.0-862.34.2.el7	cpe:/o:redhat:rhel_eus:7.5	RHSA-2019:1482	2019-06-17T00:00:00Z
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-80.4.2.rt9.152.el8_0	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2019:1480	2019-06-17T00:00:00Z
kernel-0:4.18.0-80.4.2.el8_0	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:1479	2019-06-17T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-693.50.3.rt56.644.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2019:1487	2019-06-17T00:00:00Z
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
redhat-release-virtualization-host-0:4.2-11.1.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1594	2019-06-25T00:00:00Z
redhat-virtualization-host-0:4.2-20190618.0.el7_6	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1594	2019-06-25T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-release-virtualization-host-0:4.3.4-1.el7ev	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1699	2019-07-08T00:00:00Z
redhat-virtualization-host-0:4.3.4-20190620.3.el7_6	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2019:1699	2019-07-08T00:00:00Z

References

Link	Providers
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en
http://www.openwall.com/lists/oss-security/2019/06/20/3
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.openwall.com/lists/oss-security/2019/10/24/1
http://www.openwall.com/lists/oss-security/2019/10/29/3
http://www.vmware.com/security/advisories/VMSA-2019-0010.html
https://access.redhat.com/errata/RHSA-2019:1594
https://access.redhat.com/errata/RHSA-2019:1602
https://access.redhat.com/errata/RHSA-2019:1699
https://access.redhat.com/security/vulnerabilities/tcpsack
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
https://kc.mcafee.com/corporate/index?page=content&id=SB10287
https://nvd.nist.gov/vuln/detail/CVE-2019-11477
https://patchwork.ozlabs.org/project/netdev/list/?series=114310
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006
https://security.netapp.com/advisory/ntap-20190625-0001/
https://support.f5.com/csp/article/K78234183
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
https://www.cve.org/CVERecord?id=CVE-2019-11477
https://www.kb.cert.org/vuls/id/905115
https://www.openwall.com/lists/oss-security/2019/06/17/5
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.synology.com/security/advisory/Synology_SA_19_28
https://www.us-cert.gov/ics/advisories/icsa-19-253-03

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2019-06-18T23:34:51.026970Z

Updated: 2024-09-17T02:21:15.995Z

Reserved: 2019-04-23T00:00:00

Link: CVE-2019-11477

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-06-19T00:15:12.640

Modified: 2024-11-21T04:21:09.480

Link: CVE-2019-11477

Redhat

Severity : Important

Publid Date: 2019-06-17T17:00:00Z

Links: CVE-2019-11477 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object