An integer overflow flaw was found in the way the Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel’s socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS).

Mitigation

For mitigation, please refer to the Red Hat Knowledgebase article: <https://access.redhat.com/security/vulnerabilities/tcpsack>

References

nvd.nist.gov/vuln/detail/CVE-2019-11477

patchwork.ozlabs.org/project/netdev/list/?series=114310

www.cve.org/CVERecord?id=CVE-2019-11477

www.openwall.com/lists/oss-security/2019/06/17/5

nvd 1

debiancve 1

openvas 29

nessus 68

prion 1

veracode 1

f5 1

ibm 22

cvelist 1

githubexploit 1

huawei 1

ubuntucve 1

symantec 2

cve 1

citrix 2

virtuozzo 5

vmware 2

cloudfoundry 1

ubuntu 2

redhat 15

oraclelinux 10

archlinux 4

mscve 1

fortinet 1

attackerkb 1

arista 1

myhack58 1

fedora 2

checkpoint_security 1

amazon 2

centos 2

cert 1

zdt 1

mageia 3

threatpost 1

paloalto 1

ics 2

qualysblog 1

altlinux 1

debian 1

osv 1

photon 1

suse 1

nvd

CVE-2019-11477

2019-06-19 00:15:12

debiancve

CVE-2019-11477

2019-06-19 00:15:12

openvas

Huawei Data Communication: Integer Overflow Vulnerability in the Linux Kernel (SACK Panic) (huawei-sa-20191204-01-kernel)

2020-06-05 00:00:00

Ubuntu: Security Advisory (USN-4017-1)

2019-06-18 00:00:00

Ubuntu: Security Advisory (USN-4017-2)

2022-08-26 00:00:00

nessus

Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11477)

2023-10-03 00:00:00

F5 Networks BIG-IP : Linux SACK Panic vulnerability (K78234183)

2019-09-25 00:00:00

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4017-1)

2019-06-18 00:00:00

prion

Integer overflow

2019-06-19 00:15:00

veracode

Denial Of Service (DoS)

2019-06-24 00:20:42

K78234183 : Linux SACK Panic vulnerability CVE-2019-11477

2019-06-19 00:00:00

ibm

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by Linux kernel vulnerability (CVE-2019-11477)

2020-01-13 16:22:52

Security Bulletin: IBM API Connect V5 is impacted by a denial of service vulnerability in Linux kernel (CVE-2019-11477)

2020-02-20 19:54:09

Security Bulletin: IBM Security Guardium is affected by a TCP SACK PANIC -Kernel vulnerability

2020-10-06 20:36:57

cvelist

CVE-2019-11477 Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs

2019-06-17 00:00:00

githubexploit

Exploit for Integer Overflow or Wraparound in Linux Linux Kernel

2019-07-22 20:23:08

huawei

Security Advisory - Integer Overflow Vulnerability in the Linux Kernel (SACK Panic)

2019-12-26 00:00:00

ubuntucve

CVE-2019-11477

2019-06-17 00:00:00

symantec

Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability

2019-06-17 00:00:00

Linux Kernel Vulnerabilities May-June 2019

2019-09-05 08:00:00

cve

CVE-2019-11477

2019-06-19 00:15:12

citrix

Citrix Hypervisor Security Update.

2019-07-08 04:00:00

Citrix SD-WAN Security Update

2019-09-11 04:00:00

virtuozzo

Kernel update: Virtuozzo ReadyKernel patch 82.2 for Virtuozzo 7.0.8 HF1 and 7.0.10 HF1

2019-06-27 00:00:00

Important kernel security update: Virtuozzo ReadyKernel patch 82.0 for all supported Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5 kernels

2019-06-20 00:00:00

Important kernel security update: Virtuozzo ReadyKernel patch 85.0 for Virtuozzo 7.0.7 to 7.0.10 HF1 and Virtuozzo Infrastructure Platform 2.5

2019-08-20 00:00:00

vmware

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

2019-07-02 00:00:00

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

2019-07-02 00:00:00

cloudfoundry

USN-4017-1: Linux kernel vulnerabilities | Cloud Foundry

2019-07-03 00:00:00

ubuntu

Linux kernel vulnerabilities

2019-06-17 00:00:00

Linux kernel vulnerabilities

2019-06-17 00:00:00

redhat

(RHSA-2019:1481) Important: kernel security update

2019-06-17 17:31:05

(RHSA-2019:1486) Important: kernel-rt security update

2019-06-17 19:45:06

(RHSA-2019:1485) Important: kernel security and bug fix update

2019-06-17 19:12:21

oraclelinux

kernel security update

2019-06-18 00:00:00

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

archlinux

[ASA-201906-14] linux-lts: denial of service

2019-06-18 00:00:00

[ASA-201906-13] linux: denial of service

2019-06-18 00:00:00

[ASA-201906-12] linux-hardened: denial of service

2019-06-17 00:00:00

mscve

Linux Kernel TCP SACK Denial of Service Vulnerability

2019-06-28 07:00:00

fortinet

TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

2019-11-29 00:00:00

attackerkb

TCP SACK PANIC

2020-02-13 00:00:00

arista

Security Advisory 0041

2019-07-02 00:00:00

myhack58

CVE-2019-11477: Linux kernel TCP SACK mechanism remote Dos early warning analysis-vulnerability warning-the black bar safety net

2019-06-19 00:00:00

fedora

[SECURITY] Fedora 29 Update: kernel-headers-5.1.11-200.fc29

2019-06-18 21:19:41

[SECURITY] Fedora 30 Update: kernel-headers-5.1.11-300.fc30

2019-06-18 18:15:45

checkpoint_security

Check Point response to TCP SACK PANIC - Linux Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479

2019-06-18 05:16:31

amazon

Critical: kernel

2019-06-13 22:11:00

Critical: kernel

2019-06-13 21:37:00

centos

bpftool, kernel, perf, python security update

2019-06-19 00:21:01

kernel, perf, python security update

2019-06-19 00:19:05

cert

Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels

2019-06-20 00:00:00

zdt

Linux / FreeBSD TCP-Based Denial Of Service Vulnerability

2019-06-18 00:00:00

mageia

Updated kernel packages fix security vulnerability

2019-06-21 04:07:01

Updated kernel-tmb packages fix security vulnerability

2019-06-21 04:07:01

Updated kernel-linus packages fix security vulnerability

2019-06-21 04:07:01

threatpost

Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline

2019-06-18 18:43:50

paloalto

Information about TCP SACK Panic Findings in PAN-OS

2019-06-27 00:00:00

ics

Siemens Industrial Products (Update R)

2022-05-12 12:00:00

Hitachi Energy AFF66x

2023-08-22 12:00:00

qualysblog

July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns

2019-07-09 18:12:39

altlinux

Security fix for the ALT Linux 9 package kernel-image-tegra version 4.9.140-alt2

2019-07-10 00:00:00

debian

[SECURITY] [DLA 1823-1] linux security update

2019-06-17 23:42:52

osv

linux - security update

2019-06-17 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0240

2019-06-20 00:00:00

suse

Security update for the Linux Kernel (important)

2019-06-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.972 High

EPSS

Percentile

99.8%

JSON

Related for RH:CVE-2019-11477