CVE-2019-11478

CWE-770 — Allocation without Limits CWE-400 — Uncontrolled Resource Consumption17 documents11 sources

Severity

7.5HIGH

EPSS

29.8%

top 3.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager +17 more

Timeline

PublishedJun 19

Latest updateMay 24

Description

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages29 packages

▶CVEListV5linux/linux_kernel4.4 — 4.4.182+4

▶NVDlinux/linux_kernel4.5 — 4.9.182+4

▶Debianlinux< 4.19.37-4+3

▶Ubuntulinux< 4.4.0-151.178+1

▶Ubuntulinux-aws< 4.4.0-1085.96+1

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, 19.04, Enterprise Linux 5.0, 6.0, 7.0, 8.0, 6.5, 6.6, 7.4, 7.5

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-xh2h-cw6h-x9h5: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling cert↗2022-05-24

▶

Kernel

tcp: be more careful in tcp_fragment()↗2019-07-19

▶

OSV

CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling cert↗2019-06-19

▶

CVEList

SACK can cause extensive memory use via fragmented resend queue↗2019-06-18

▶

OSV

linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2019-06-17

▶

📋Vendor Advisories

VMware

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)↗2019-07-02

▶

Red Hat

Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service↗2019-06-17

▶

Ubuntu

Linux kernel vulnerabilities↗2019-06-17

▶

Ubuntu

Linux kernel vulnerabilities↗2019-06-17

▶

Debian

CVE-2019-11478: linux - Jonathan Looney discovered that the TCP retransmission queue implementation in t...↗2019

▶

🕵️Threat Intelligence

Unit42

TCP SACK Panics Linux Servers↗2019-06-21

▶

Unit42

TCP SACK Panics Linux Servers↗2019-06-21

▶

💬Community

Bugzilla

CVE-2019-11478 kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service [fedora-all]↗2019-06-17

▶

Bugzilla

CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service↗2019-06-11

▶

External resources

NVD MITRE

Affected products20

Canonical Ubuntu Linuxv12.04v14.04v16.04+3 more

F5 Big-ip Access Policy Manager≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Advanced Firewall Manager≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Analytics≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Application Acceleration Manager≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Application Security Manager≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Domain Name System≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Edge Gateway≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Fraud Protection Service≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

F5 Big-ip Global Traffic Manager≥ 11.5.2, ≤ 11.6.4≥ 12.1.0, ≤ 12.1.4≥ 13.1.0, ≤ 13.1.1+2 more

Disclosure

PublishedJun 19, 2019

Latest updateMay 24, 2022