Lucene search

[email protected]CVE-2019-11478

HistoryJun 19, 2019 - 12:15 a.m.

CVE-2019-11478

2019-06-1900:15:00

CWE-400

[email protected]

web.nvd.nist.gov

497

cve-2019-11478

linux kernel

tcp

sack

denial of service

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.967 High

EPSS

Percentile

99.6%

JSON

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt4.4.182
linux:linux_kernellinux linux kernellt4.9.182
linux:linux_kernellinux linux kernellt4.14.127
linux:linux_kernellinux linux kernellt4.19.52
linux:linux_kernellinux linux kernellt5.1.11
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerle12.1.4
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerle14.1.0
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerle13.1.1
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managerle11.6.4
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managereq15.0.0

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	4.4.182
linux:linux_kernel	linux linux kernel	lt	4.9.182
linux:linux_kernel	linux linux kernel	lt	4.14.127
linux:linux_kernel	linux linux kernel	lt	4.19.52
linux:linux_kernel	linux linux kernel	lt	5.1.11
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	le	12.1.4
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	le	14.1.0
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	le	13.1.1
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	le	11.6.4
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	eq	15.0.0

Rows per page:

1-10 of 901

References

packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html

packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html

packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt

www.openwall.com/lists/oss-security/2019/06/28/2

www.openwall.com/lists/oss-security/2019/07/06/3

www.openwall.com/lists/oss-security/2019/07/06/4

www.openwall.com/lists/oss-security/2019/10/24/1

www.openwall.com/lists/oss-security/2019/10/29/3

www.vmware.com/security/advisories/VMSA-2019-0010.html

access.redhat.com/errata/RHSA-2019:1594

access.redhat.com/errata/RHSA-2019:1602

access.redhat.com/errata/RHSA-2019:1699

access.redhat.com/security/vulnerabilities/tcpsack

cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf

git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e

github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193

kc.mcafee.com/corporate/index?page=content&id=SB10287

psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007

seclists.org/bugtraq/2019/Jul/30

security.netapp.com/advisory/ntap-20190625-0001/

support.f5.com/csp/article/K26618426

wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic

www.kb.cert.org/vuls/id/905115

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.synology.com/security/advisory/Synology_SA_19_28

www.us-cert.gov/ics/advisories/icsa-19-253-03

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.967 High

EPSS

Percentile

99.6%

JSON

CVE-2019-11478

References

Related