CVE-2019-11477

CWE-190 — Integer Overflow18 documents13 sources

Severity

7.5HIGH

EPSS

74.3%

top 1.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager +17 more

Timeline

PublishedJun 19

Latest updateMay 24

Description

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages18 packages

▶CVEListV5linux/linux_kernel4.4 — 4.4.182+4

▶NVDlinux/linux_kernel2.6.29 — 3.16.69+5

▶Debianlinux< 4.19.37-4+3

▶NVDf5/big-ip_fraud_protection_service11.5.2 — 11.6.4+4

▶NVDf5/big-ip_analytics11.5.2 — 11.6.4+4

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, 19.04, Enterprise Linux 5.0, 6.0, 7.0, 8.0, 6.5, 6.6, 7.4, 7.5

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-748j-px2m-cwgh: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selec↗2022-05-24

▶

OSV

CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selec↗2019-06-19

▶

CVEList

Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs↗2019-06-18

▶

OSV

linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2019-06-17

▶

Kernel

tcp: limit payload size of sacked skbs↗2019-05-17

▶

📋Vendor Advisories

Oracle

Oracle Oracle Systems Risk Matrix: XCP Firmware (Linux Kernel) — CVE-2019-11477↗2020-10-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: Security (Kernel) — CVE-2019-11477↗2020-01-15

▶

VMware

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)↗2019-07-02

▶

Ubuntu

Linux kernel vulnerabilities↗2019-06-17

▶

Red Hat

Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service↗2019-06-17

▶

🕵️Threat Intelligence

Unit42

TCP SACK Panics Linux Servers↗2019-06-21

▶

Unit42

TCP SACK Panics Linux Servers↗2019-06-21

▶

💬Community

Bugzilla

CVE-2019-11477 kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service [fedora-all]↗2019-06-17

▶

Bugzilla

CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service↗2019-06-11

▶

External resources

NVD MITRE

Affected products20

Canonical Ubuntu Linuxv12.04v14.04v16.04+3 more

F5 Big-ip Access Policy Manager≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Advanced Firewall Manager≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Analytics≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Application Acceleration Manager≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Application Security Manager≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Domain Name System≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Edge Gateway≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Fraud Protection Service≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Global Traffic Manager≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

Disclosure

PublishedJun 19, 2019

Latest updateMay 24, 2022