Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
F5
  • Big-ip Access Policy Manager
  • Big-ip Advanced Firewall Manager
  • Big-ip Analytics
  • Big-ip Application Acceleration Manager
  • Big-ip Application Security Manager
  • Big-ip Domain Name System
  • Big-ip Edge Gateway
  • Big-ip Fraud Protection Service
  • Big-ip Global Traffic Manager
  • Big-ip Link Controller
  • Big-ip Local Traffic Manager
  • Big-ip Policy Enforcement Manager
  • Big-ip Webaccelerator
  • Traffix Signaling Delivery Controller
Ivanti
  • Connect Secure
Linux
  • Linux Kernel
Pulsesecure
  • Pulse Policy Secure
  • Pulse Secure Virtual Application Delivery Controller
Redhat
  • Enterprise Linux
  • Enterprise Linux Atomic Host
  • Enterprise Linux Aus
  • Enterprise Linux Eus
  • Enterprise Mrg
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Extras Rt
  • Rhel Tus

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*

Configuration 8 [-]

OR cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*

Configuration 9 [-]

OR cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*

Configuration 10 [-]

OR cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*

Configuration 11 [-]

OR cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*

Configuration 12 [-]

OR cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*

Configuration 13 [-]

OR cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*

Configuration 14 [-]

OR cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*

Configuration 15 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Configuration 16 [-]

OR cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

Configuration 17 [-]

OR cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*

Configuration 18 [-]

cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-754.15.3.el6 cpe:/o:redhat:enterprise_linux:6 RHSA-2019:1488 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
kernel-0:2.6.32-431.95.3.el6 cpe:/o:redhat:rhel_aus:6.5 RHSA-2019:1490 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 6.6 Advanced Update Support
kernel-0:2.6.32-504.79.3.el6 cpe:/o:redhat:rhel_aus:6.6 RHSA-2019:1489 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-957.21.3.rt56.935.el7 cpe:/a:redhat:rhel_extras_rt:7 RHSA-2019:1486 2019-06-17T00:00:00Z
kernel-0:3.10.0-957.21.3.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:1481 2019-06-17T00:00:00Z
kernel-alt-0:4.14.0-115.8.2.el7a cpe:/o:redhat:enterprise_linux:7 RHSA-2019:1602 2019-06-25T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
kernel-0:3.10.0-327.79.2.el7 cpe:/o:redhat:rhel_aus:7.2 RHSA-2019:1485 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.2 Telco Extended Update Support
kernel-0:3.10.0-327.79.2.el7 cpe:/o:redhat:rhel_tus:7.2 RHSA-2019:1485 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
kernel-0:3.10.0-327.79.2.el7 cpe:/o:redhat:rhel_e4s:7.2 RHSA-2019:1485 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
kernel-0:3.10.0-514.66.2.el7 cpe:/o:redhat:rhel_aus:7.3 RHSA-2019:1484 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
kernel-0:3.10.0-514.66.2.el7 cpe:/o:redhat:rhel_tus:7.3 RHSA-2019:1484 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
kernel-0:3.10.0-514.66.2.el7 cpe:/o:redhat:rhel_e4s:7.3 RHSA-2019:1484 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.4 Extended Update Support
kernel-0:3.10.0-693.50.3.el7 cpe:/o:redhat:rhel_eus:7.4 RHSA-2019:1483 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 7.5 Extended Update Support
kernel-0:3.10.0-862.34.2.el7 cpe:/o:redhat:rhel_eus:7.5 RHSA-2019:1482 2019-06-17T00:00:00Z
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-80.4.2.rt9.152.el8_0 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2019:1480 2019-06-17T00:00:00Z
kernel-0:4.18.0-80.4.2.el8_0 cpe:/o:redhat:enterprise_linux:8 RHSA-2019:1479 2019-06-17T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-693.50.3.rt56.644.el6rt cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2019:1487 2019-06-17T00:00:00Z
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
redhat-release-virtualization-host-0:4.2-11.1.el7 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2019:1594 2019-06-25T00:00:00Z
redhat-virtualization-host-0:4.2-20190618.0.el7_6 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2019:1594 2019-06-25T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-release-virtualization-host-0:4.3.4-1.el7ev cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2019:1699 2019-07-08T00:00:00Z
redhat-virtualization-host-0:4.3.4-20190620.3.el7_6 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2019:1699 2019-07-08T00:00:00Z
References
Link Providers
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html cve-icon cve-icon
http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html cve-icon cve-icon
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html cve-icon cve-icon
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/06/28/2 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/07/06/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/07/06/4 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/10/24/1 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/10/29/3 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2019-0010.html cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1594 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1602 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1699 cve-icon cve-icon
https://access.redhat.com/security/vulnerabilities/tcpsack cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf cve-icon cve-icon
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e cve-icon cve-icon
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md cve-icon cve-icon
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193 cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10287 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-11478 cve-icon
https://patchwork.ozlabs.org/project/netdev/list/?series=114310 cve-icon
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007 cve-icon cve-icon
https://seclists.org/bugtraq/2019/Jul/30 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20190625-0001/ cve-icon cve-icon
https://support.f5.com/csp/article/K26618426 cve-icon cve-icon
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-11478 cve-icon
https://www.kb.cert.org/vuls/id/905115 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2019/06/17/5 cve-icon
https://www.oracle.com/security-alerts/cpujan2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2020.html cve-icon cve-icon
https://www.synology.com/security/advisory/Synology_SA_19_28 cve-icon cve-icon
https://www.us-cert.gov/ics/advisories/icsa-19-253-03 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2019-06-18T23:34:51.077803Z

Updated: 2024-09-16T23:45:54.779Z

Reserved: 2019-04-23T00:00:00

Link: CVE-2019-11478

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-06-19T00:15:12.687

Modified: 2024-11-21T04:21:09.703

Link: CVE-2019-11478

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-06-17T17:00:00Z

Links: CVE-2019-11478 - Bugzilla