CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
99.9%
Severity: High
Date : 2019-06-18
CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
Package : linux-zen
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-985
The package linux-zen before version 5.1.11.zen1-1 is vulnerable to
denial of service.
Upgrade to 5.1.11.zen1-1.
The problems have been fixed upstream in version 5.1.11.zen1.
CVE-2019-11477 and CVE-2019-11478
$ sudo sysctl -w net.ipv4.tcp_sack=0
The mitigation described below for CVE-2019-11479 is also sufficient
for CVE-2019-11477 and CVE-2019-11478 if disabling TCP SACK support is
not viable.
CVE-2019-11479
$ sudo iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP
The net.ipv4.tcp_mtu_probing sysctl must be disabled (set to 0) when
using the iptables rules shown above.
An integer overflow has been discovered in the Linux kernel when
handling TCP Selective Acknowledgments (SACKs). A sequence of SACKs may
be crafted such that one can trigger a kernel panic. A remote attacker
could use this to cause a denial of service (system crash).
An excessive resource consumption flaw was found in the way the Linux
kernel’s networking subsystem processed TCP Selective Acknowledgment
(SACK) segments. While processing SACK segments, the Linux kernel’s
socket buffer (SKB) data structure becomes fragmented, which leads to
increased resource utilization to traverse and process these fragments
as further SACK segments are received on the same TCP connection. A
remote attacker could use this flaw to cause a denial of service (DoS)
by sending a crafted sequence of SACK segments on a TCP connection.
An excessive resource consumption flaw was found in the way the Linux
kernel’s networking subsystem processed TCP segments. If the Maximum
Segment Size (MSS) of a TCP connection was set to low values, such as
48 bytes, it can leave as little as 8 bytes for the user data, which
significantly increases the Linux kernel’s resource (CPU, Memory, and
Bandwidth) utilization. A remote attacker could use this flaw to cause
a denial of service (DoS) by repeatedly sending network traffic on a
TCP connection with low TCP MSS.
A remote attacker is able to crash the system by sending specially
crafted TCP packets.
https://www.openwall.com/lists/oss-security/2019/06/17/5
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6
https://security.archlinux.org/CVE-2019-11477
https://security.archlinux.org/CVE-2019-11478
https://security.archlinux.org/CVE-2019-11479
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
security.archlinux.org/AVG-985
security.archlinux.org/CVE-2019-11477
security.archlinux.org/CVE-2019-11478
security.archlinux.org/CVE-2019-11479
www.openwall.com/lists/oss-security/2019/06/17/5
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
99.9%