CVE-2019-11478
published 2019-06-19

Severity: high, 7.5 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Affected

101 ranges · showing 25

Vendor | Product | Version range | Fixed in
canonical | ubuntu_linux
canonical | ubuntu_linux
canonical | ubuntu_linux
canonical | ubuntu_linux
canonical | ubuntu_linux
canonical | ubuntu_linux
debian | linux | < linux 4.19.37-4 (bookworm) | linux 4.19.37-4 (bookworm)
f5 | big-ip_access_policy_manager
f5 | big-ip_access_policy_manager | 11.5.2 – 11.6.4
f5 | big-ip_access_policy_manager | 12.1.0 – 12.1.4
f5 | big-ip_access_policy_manager | 13.1.0 – 13.1.1
f5 | big-ip_access_policy_manager | 14.0.0 – 14.1.0
f5 | big-ip_advanced_firewall_manager
f5 | big-ip_advanced_firewall_manager | 11.5.2 – 11.6.4
f5 | big-ip_advanced_firewall_manager | 12.1.0 – 12.1.4
f5 | big-ip_advanced_firewall_manager | 13.1.0 – 13.1.1
f5 | big-ip_advanced_firewall_manager | 14.0.0 – 14.1.0
f5 | big-ip_analytics
f5 | big-ip_analytics | 11.5.2 – 11.6.4
f5 | big-ip_analytics | 12.1.0 – 12.1.4
f5 | big-ip_analytics | 13.1.0 – 13.1.1
f5 | big-ip_analytics | 14.0.0 – 14.1.0
f5 | big-ip_application_acceleration_manager
f5 | big-ip_application_acceleration_manager | 11.5.2 – 11.6.4
f5 | big-ip_application_acceleration_manager | 12.1.0 – 12.1.4

CVSS provenance

nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv | 7.5 | HIGH