Attacker Value

Unknown

0

Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs

0

Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs

Disclosure Date: June 19, 2019 •

CVE-2019-11477 CVSS v3 Base Score: 7.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Jonathan Looney discovered that the TCP_SKB_CB(skb)–>tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.5 High

Impact Score:

3.6

Exploitability Score:

3.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

Linux

Products

Linux kernel

References

Canonical

CVE-2019-11477 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477)

Advisory

https://support.f5.com/csp/article/K78234183

VU#905115 (https://www.kb.cert.org/vuls/id/905115)

[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues (http://www.openwall.com/lists/oss-security/2019/06/20/3)

https://www.synology.com/security/advisory/Synology_SA_19_28

https://security.netapp.com/advisory/ntap-20190625-0001

https://access.redhat.com/errata/RHSA-2019:1594

https://access.redhat.com/errata/RHSA-2019:1602

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006

https://kc.mcafee.com/corporate/index?page=content&id=SB10287

[oss-security] 20190628 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/06/28/2)

http://www.vmware.com/security/advisories/VMSA-2019-0010.html

[oss-security] 20190706 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/07/06/3)

[oss-security] 20190706 Re: linux-distros membership application - Microsoft (http://www.openwall.com/lists/oss-security/2019/07/06/4)

https://access.redhat.com/errata/RHSA-2019:1699

https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf

[oss-security] 20191023 Membership application for linux-distros - VMware (http://www.openwall.com/lists/oss-security/2019/10/24/1)

[oss-security] 20191029 Re: Membership application for linux-distros - VMware (http://www.openwall.com/lists/oss-security/2019/10/29/3)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt

https://security.netapp.com/advisory/ntap-20190625-0001/

Miscellaneous

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic

https://access.redhat.com/security/vulnerabilities/tcpsack

http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193

https://www.us-cert.gov/ics/advisories/icsa-19-253-03

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff

https://www.oracle.com/security-alerts/cpuoct2020.html

Rapid7

Technical Analysis