Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 4.19.37-4linux_4.19.37-4_all.deb
Debian11alllinux< 4.19.37-4linux_4.19.37-4_all.deb
Debian999alllinux< 4.19.37-4linux_4.19.37-4_all.deb
Debian13alllinux< 4.19.37-4linux_4.19.37-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 4.19.37-4	linux_4.19.37-4_all.deb
Debian	11	all	linux	< 4.19.37-4	linux_4.19.37-4_all.deb
Debian	999	all	linux	< 4.19.37-4	linux_4.19.37-4_all.deb
Debian	13	all	linux	< 4.19.37-4	linux_4.19.37-4_all.deb

openvas 29

nvd 1

nessus 69

prion 1

f5 1

redhatcve 1

veracode 1

ibm 21

symantec 2

cvelist 1

githubexploit 1

cve 1

huawei 1

ubuntucve 1

virtuozzo 5

citrix 2

vmware 2

cloudfoundry 1

ubuntu 2

redhat 15

archlinux 4

fedora 2

arista 1

oraclelinux 10

myhack58 1

mscve 1

fortinet 1

attackerkb 1

centos 2

amazon 2

checkpoint_security 1

threatpost 2

zdt 1

cert 1

mageia 3

paloalto 1

ics 2

qualysblog 1

altlinux 1

debian 1

osv 1

suse 1

openvas

Huawei Data Communication: Integer Overflow Vulnerability in the Linux Kernel (SACK Panic) (huawei-sa-20191204-01-kernel)

2020-06-05 00:00:00

Ubuntu: Security Advisory (USN-4017-1)

2019-06-18 00:00:00

Ubuntu: Security Advisory (USN-4017-2)

2022-08-26 00:00:00

nvd

CVE-2019-11477

2019-06-19 00:15:12

nessus

Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11477)

2023-10-03 00:00:00

F5 Networks BIG-IP : Linux SACK Panic vulnerability (K78234183)

2019-09-25 00:00:00

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4017-1)

2019-06-18 00:00:00

prion

Integer overflow

2019-06-19 00:15:00

K78234183 : Linux SACK Panic vulnerability CVE-2019-11477

2019-06-19 00:00:00

redhatcve

CVE-2019-11477

2020-11-01 21:54:35

veracode

Denial Of Service (DoS)

2019-06-24 00:20:42

ibm

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by Linux kernel vulnerability (CVE-2019-11477)

2020-01-13 16:22:52

Security Bulletin: IBM API Connect V5 is impacted by a denial of service vulnerability in Linux kernel (CVE-2019-11477)

2020-02-20 19:54:09

Security Bulletin: IBM Security Guardium is affected by a TCP SACK PANIC -Kernel vulnerability

2020-10-06 20:36:57

symantec

Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability

2019-06-17 00:00:00

Linux Kernel Vulnerabilities May-June 2019

2019-09-05 08:00:00

cvelist

CVE-2019-11477 Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs

2019-06-17 00:00:00

githubexploit

Exploit for Integer Overflow or Wraparound in Linux Linux Kernel

2019-07-22 20:23:08

cve

CVE-2019-11477

2019-06-19 00:15:12

huawei

Security Advisory - Integer Overflow Vulnerability in the Linux Kernel (SACK Panic)

2019-12-26 00:00:00

ubuntucve

CVE-2019-11477

2019-06-17 00:00:00

virtuozzo

Kernel update: Virtuozzo ReadyKernel patch 82.2 for Virtuozzo 7.0.8 HF1 and 7.0.10 HF1

2019-06-27 00:00:00

Important kernel security update: Virtuozzo ReadyKernel patch 82.0 for all supported Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5 kernels

2019-06-20 00:00:00

Important kernel security update: Virtuozzo ReadyKernel patch 85.0 for Virtuozzo 7.0.7 to 7.0.10 HF1 and Virtuozzo Infrastructure Platform 2.5

2019-08-20 00:00:00

citrix

Citrix Hypervisor Security Update.

2019-07-08 04:00:00

Citrix SD-WAN Security Update

2019-09-11 04:00:00

vmware

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

2019-07-02 00:00:00

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

2019-07-02 00:00:00

cloudfoundry

USN-4017-1: Linux kernel vulnerabilities | Cloud Foundry

2019-07-03 00:00:00

ubuntu

Linux kernel vulnerabilities

2019-06-17 00:00:00

Linux kernel vulnerabilities

2019-06-17 00:00:00

redhat

(RHSA-2019:1481) Important: kernel security update

2019-06-17 17:31:05

(RHSA-2019:1486) Important: kernel-rt security update

2019-06-17 19:45:06

(RHSA-2019:1484) Important: kernel security and bug fix update

2019-06-17 19:12:10

archlinux

[ASA-201906-12] linux-hardened: denial of service

2019-06-17 00:00:00

[ASA-201906-13] linux: denial of service

2019-06-18 00:00:00

[ASA-201906-14] linux-lts: denial of service

2019-06-18 00:00:00

fedora

[SECURITY] Fedora 29 Update: kernel-headers-5.1.11-200.fc29

2019-06-18 21:19:41

[SECURITY] Fedora 30 Update: kernel-headers-5.1.11-300.fc30

2019-06-18 18:15:45

arista

Security Advisory 0041

2019-06-26 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

kernel security update

2019-06-18 00:00:00

myhack58

CVE-2019-11477: Linux kernel TCP SACK mechanism remote Dos early warning analysis-vulnerability warning-the black bar safety net

2019-06-19 00:00:00

mscve

Linux Kernel TCP SACK Denial of Service Vulnerability

2019-06-28 07:00:00

fortinet

TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

2019-11-29 00:00:00

attackerkb

TCP SACK PANIC

2020-02-13 00:00:00

centos

bpftool, kernel, perf, python security update

2019-06-19 00:21:01

kernel, perf, python security update

2019-06-19 00:19:05

amazon

Critical: kernel

2019-06-13 21:37:00

Critical: kernel

2019-06-13 22:11:00

checkpoint_security

Check Point response to TCP SACK PANIC - Linux Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479

2019-06-18 05:16:31

threatpost

Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline

2019-06-18 18:43:50

Microsoft Patches A Pair of Zero-Days Under Active Attack

2019-07-09 20:04:36

zdt

Linux / FreeBSD TCP-Based Denial Of Service Vulnerability

2019-06-18 00:00:00

cert

Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels

2019-06-20 00:00:00

mageia

Updated kernel packages fix security vulnerability

2019-06-21 04:07:01

Updated kernel-tmb packages fix security vulnerability

2019-06-21 04:07:01

Updated kernel-linus packages fix security vulnerability

2019-06-21 04:07:01

paloalto

Information about TCP SACK Panic Findings in PAN-OS

2019-06-27 00:00:00

ics

Siemens Industrial Products (Update R)

2022-05-12 12:00:00

Hitachi Energy AFF66x

2023-08-22 12:00:00

qualysblog

July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns

2019-07-09 18:12:39

altlinux

Security fix for the ALT Linux 9 package kernel-image-tegra version 4.9.140-alt2

2019-07-10 00:00:00

debian

[SECURITY] [DLA 1823-1] linux security update

2019-06-17 23:42:52

osv

linux - security update

2019-06-17 00:00:00

suse

Security update for the Linux Kernel (important)

2019-06-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.972

Percentile

99.8%

JSON

Related for DEBIANCVE:CVE-2019-11477