Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 4.19.37-4linux_4.19.37-4_all.deb
Debian11alllinux< 4.19.37-4linux_4.19.37-4_all.deb
Debian999alllinux< 4.19.37-4linux_4.19.37-4_all.deb
Debian13alllinux< 4.19.37-4linux_4.19.37-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 4.19.37-4	linux_4.19.37-4_all.deb
Debian	11	all	linux	< 4.19.37-4	linux_4.19.37-4_all.deb
Debian	999	all	linux	< 4.19.37-4	linux_4.19.37-4_all.deb
Debian	13	all	linux	< 4.19.37-4	linux_4.19.37-4_all.deb

nessus 71

cve 1

f5 1

ubuntucve 1

openvas 33

cvelist 1

redhatcve 1

prion 1

veracode 1

nvd 1

virtuozzo 4

citrix 2

vmware 2

debian 4

cloudfoundry 1

ubuntu 2

ibm 18

redhat 15

arista 1

oraclelinux 10

myhack58 1

mscve 1

fortinet 1

archlinux 4

attackerkb 1

amazon 2

checkpoint_security 1

fedora 2

centos 2

paloalto 1

symantec 1

threatpost 1

zdt 1

mageia 3

cert 1

ics 1

qualysblog 1

altlinux 1

osv 1

suse 1

nessus

F5 Networks BIG-IP : Linux SACK Slowness vulnerability (K26618426)

2019-09-25 00:00:00

Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11478)

2023-10-03 00:00:00

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1935-1) (SACK Slowness)

2019-07-24 00:00:00

cve

CVE-2019-11478

2019-06-19 00:15:12

K26618426 : Linux SACK Slowness vulnerability CVE-2019-11478

2019-06-19 00:00:00

ubuntucve

CVE-2019-11478

2019-06-17 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2019:1935-1)

2021-04-19 00:00:00

Debian: Security Advisory (DSA-4484-1)

2019-07-21 00:00:00

Ubuntu: Security Advisory (USN-4017-1)

2019-06-18 00:00:00

cvelist

CVE-2019-11478 SACK can cause extensive memory use via fragmented resend queue

2019-06-17 00:00:00

redhatcve

CVE-2019-11478

2019-12-28 03:45:40

prion

Design/Logic Flaw

2019-06-19 00:15:00

veracode

Denial Of Service (DoS)

2019-06-24 00:20:42

nvd

CVE-2019-11478

2019-06-19 00:15:12

virtuozzo

Kernel update: Virtuozzo ReadyKernel patch 82.2 for Virtuozzo 7.0.8 HF1 and 7.0.10 HF1

2019-06-27 00:00:00

Important kernel security update: Virtuozzo ReadyKernel patch 82.0 for all supported Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5 kernels

2019-06-20 00:00:00

Important kernel security update: New kernel 2.6.32-042stab139.1; Virtuozzo 6.0 Update 12 Hotfix 43 (6.0.12-3743)

2019-06-20 00:00:00

citrix

Citrix Hypervisor Security Update.

2019-07-08 04:00:00

Citrix SD-WAN Security Update

2019-09-11 04:00:00

vmware

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

2019-07-02 00:00:00

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

2019-07-02 00:00:00

debian

[SECURITY] [DSA 4484-1] linux security update

2019-07-20 14:34:14

[SECURITY] [DSA 4484-1] linux security update

2019-07-20 14:34:14

[SECURITY] [DLA 1862-1] linux security update

2019-07-23 17:32:58

cloudfoundry

USN-4017-1: Linux kernel vulnerabilities | Cloud Foundry

2019-07-03 00:00:00

ubuntu

Linux kernel vulnerabilities

2019-06-17 00:00:00

Linux kernel vulnerabilities

2019-06-17 00:00:00

ibm

Security Bulletin: IBM Security Guardium is affected by a TCP SACK PANIC -Kernel vulnerability

2020-10-06 20:36:57

Security Bulletin: Vulnerabilities in kernel affect Power Hardware Management Console (CVE-2019-11479,CVE-2019-11477 and CVE-2019-11478)

2021-09-22 23:38:15

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477)

2020-01-29 16:27:06

redhat

(RHSA-2019:1486) Important: kernel-rt security update

2019-06-17 19:45:06

(RHSA-2019:1481) Important: kernel security update

2019-06-17 17:31:05

(RHSA-2019:1482) Important: kernel security update

2019-06-17 18:34:01

arista

Security Advisory 0041

2019-06-26 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

kernel security update

2019-06-18 00:00:00

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

myhack58

CVE-2019-11477: Linux kernel TCP SACK mechanism remote Dos early warning analysis-vulnerability warning-the black bar safety net

2019-06-19 00:00:00

mscve

Linux Kernel TCP SACK Denial of Service Vulnerability

2019-06-28 07:00:00

fortinet

TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

2019-11-29 00:00:00

archlinux

[ASA-201906-14] linux-lts: denial of service

2019-06-18 00:00:00

[ASA-201906-15] linux-zen: denial of service

2019-06-18 00:00:00

[ASA-201906-12] linux-hardened: denial of service

2019-06-17 00:00:00

attackerkb

TCP SACK PANIC

2020-02-13 00:00:00

amazon

Critical: kernel

2019-06-13 22:11:00

Critical: kernel

2019-06-13 21:37:00

checkpoint_security

Check Point response to TCP SACK PANIC - Linux Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479

2019-06-18 05:16:31

fedora

[SECURITY] Fedora 30 Update: kernel-headers-5.1.11-300.fc30

2019-06-18 18:15:45

[SECURITY] Fedora 29 Update: kernel-headers-5.1.11-200.fc29

2019-06-18 21:19:41

centos

bpftool, kernel, perf, python security update

2019-06-19 00:21:01

kernel, perf, python security update

2019-06-19 00:19:05

paloalto

Information about TCP SACK Panic Findings in PAN-OS

2019-06-27 00:00:00

symantec

Linux Kernel Vulnerabilities May-June 2019

2019-09-05 08:00:00

threatpost

Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline

2019-06-18 18:43:50

zdt

Linux / FreeBSD TCP-Based Denial Of Service Vulnerability

2019-06-18 00:00:00

mageia

Updated kernel packages fix security vulnerability

2019-06-21 04:07:01

Updated kernel-tmb packages fix security vulnerability

2019-06-21 04:07:01

Updated kernel-linus packages fix security vulnerability

2019-06-21 04:07:01

cert

Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels

2019-06-20 00:00:00

ics

Siemens Industrial Products (Update R)

2022-05-12 12:00:00

qualysblog

July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns

2019-07-09 18:12:39

altlinux

Security fix for the ALT Linux 9 package kernel-image-tegra version 4.9.140-alt2

2019-07-10 00:00:00

osv

linux - security update

2019-06-17 00:00:00

suse

Security update for the Linux Kernel (important)

2019-06-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.966

Percentile

99.6%

JSON

Related for DEBIANCVE:CVE-2019-11478