An integer overflow vulnerability was found in the way the Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. A remote attacker could use this to cause a denial of service. (Vulnerability ID: HWPSIRT-2019-06130)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-11477.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en

CPENameOperatorVersion
ac6605eqV200R009C00
ac6605eqV200R010C00
alp-al00blt9.1.0.333
alp-tl00blt9.1.0.333
ares-al00blt9.1.0.160
ares-al00bhwlt9.1.0.165
ares-al10dlt9.1.0.165
bla-al00blt9.1.0.333
bla-l09clt9.1.0.330
bla-l29clt9.1.0.330

Name	Operator	Version
ac6605	eq	V200R009C00
ac6605	eq	V200R010C00
alp-al00b	lt	9.1.0.333
alp-tl00b	lt	9.1.0.333
ares-al00b	lt	9.1.0.160
ares-al00bhw	lt	9.1.0.165
ares-al10d	lt	9.1.0.165
bla-al00b	lt	9.1.0.333
bla-l09c	lt	9.1.0.330
bla-l29c	lt	9.1.0.330

Rows per page:

1-10 of 3441

prion 1

nessus 69

ibm 22

symantec 2

cve 1

githubexploit 1

ubuntucve 1

openvas 29

debiancve 1

f5 1

redhatcve 1

veracode 1

vmware 2

virtuozzo 5

ubuntu 2

citrix 2

cloudfoundry 1

fedora 2

redhat 15

archlinux 4

oraclelinux 10

amazon 2

checkpoint_security 1

centos 2

fortinet 1

attackerkb 1

arista 1

myhack58 1

mscve 1

threatpost 2

cert 1

zdt 1

mageia 3

ics 2

paloalto 1

qualysblog 1

altlinux 1

osv 1

debian 1

photon 1

suse 1

prion

Integer overflow

2019-06-19 00:15:00

nessus

Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11477)

2023-10-03 00:00:00

F5 Networks BIG-IP : Linux SACK Panic vulnerability (K78234183)

2019-09-25 00:00:00

Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11477)

2023-12-22 00:00:00

ibm

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by Linux kernel vulnerability (CVE-2019-11477)

2020-01-13 16:22:52

Security Bulletin: IBM API Connect V5 is impacted by a denial of service vulnerability in Linux kernel (CVE-2019-11477)

2020-02-20 19:54:09

Security Bulletin: IBM DataPower Gateway is affected by Denial of Service vulnerabilities

2021-06-08 21:47:38

symantec

Linux Kernel CVE-2019-11477 Integer Overflow Vulnerability

2019-06-17 00:00:00

Linux Kernel Vulnerabilities May-June 2019

2019-09-05 08:00:00

cve

CVE-2019-11477

2019-06-19 00:15:00

githubexploit

Exploit for Integer Overflow or Wraparound in Linux Linux Kernel

2019-07-22 20:23:08

ubuntucve

CVE-2019-11477

2019-06-17 00:00:00

openvas

Huawei Data Communication: Integer Overflow Vulnerability in the Linux Kernel (SACK Panic) (huawei-sa-20191204-01-kernel)

2020-06-05 00:00:00

SUSE: Security Advisory (SUSE-SU-2019:1924-1)

2021-04-19 00:00:00

Ubuntu: Security Advisory (USN-4017-1)

2019-06-18 00:00:00

debiancve

CVE-2019-11477

2019-06-19 00:15:00

K78234183 : Linux SACK Panic vulnerability CVE-2019-11477

2019-06-19 00:00:00

redhatcve

CVE-2019-11477

2020-11-01 21:54:35

veracode

Denial Of Service (DoS)

2019-06-24 00:20:42

vmware

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

2019-07-02 00:00:00

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

2019-07-02 00:00:00

virtuozzo

Important kernel security update: Virtuozzo ReadyKernel patch 82.0 for all supported Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5 kernels

2019-06-20 00:00:00

Important kernel security update: Virtuozzo ReadyKernel patch 85.0 for Virtuozzo 7.0.7 to 7.0.10 HF1 and Virtuozzo Infrastructure Platform 2.5

2019-08-20 00:00:00

Kernel update: Virtuozzo ReadyKernel patch 82.2 for Virtuozzo 7.0.8 HF1 and 7.0.10 HF1

2019-06-27 00:00:00

ubuntu

Linux kernel vulnerabilities

2019-06-17 00:00:00

Linux kernel vulnerabilities

2019-06-17 00:00:00

citrix

Citrix Hypervisor Security Update.

2019-07-08 04:00:00

Citrix SD-WAN Security Update

2019-09-11 04:00:00

cloudfoundry

USN-4017-1: Linux kernel vulnerabilities | Cloud Foundry

2019-07-03 00:00:00

fedora

[SECURITY] Fedora 29 Update: kernel-headers-5.1.11-200.fc29

2019-06-18 21:19:41

[SECURITY] Fedora 30 Update: kernel-headers-5.1.11-300.fc30

2019-06-18 18:15:45

redhat

(RHSA-2019:1484) Important: kernel security and bug fix update

2019-06-17 19:12:10

(RHSA-2019:1485) Important: kernel security and bug fix update

2019-06-17 19:12:21

(RHSA-2019:1486) Important: kernel-rt security update

2019-06-17 19:45:06

archlinux

[ASA-201906-12] linux-hardened: denial of service

2019-06-17 00:00:00

[ASA-201906-13] linux: denial of service

2019-06-18 00:00:00

[ASA-201906-15] linux-zen: denial of service

2019-06-18 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

amazon

Critical: kernel

2019-06-13 22:11:00

Critical: kernel

2019-06-13 21:37:00

checkpoint_security

Check Point response to TCP SACK PANIC - Linux Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479

2019-06-18 05:16:31

centos

bpftool, kernel, perf, python security update

2019-06-19 00:21:01

kernel, perf, python security update

2019-06-19 00:19:05

fortinet

TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

2019-11-29 00:00:00

attackerkb

TCP SACK PANIC

2020-02-13 00:00:00

arista

Security Advisory 0041

2019-07-02 00:00:00

myhack58

CVE-2019-11477: Linux kernel TCP SACK mechanism remote Dos early warning analysis-vulnerability warning-the black bar safety net

2019-06-19 00:00:00

mscve

Linux Kernel TCP SACK Denial of Service Vulnerability

2019-06-28 07:00:00

threatpost

Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline

2019-06-18 18:43:50

Microsoft Patches A Pair of Zero-Days Under Active Attack

2019-07-09 20:04:36

cert

Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels

2019-06-20 00:00:00

zdt

Linux / FreeBSD TCP-Based Denial Of Service Vulnerability

2019-06-18 00:00:00

mageia

Updated kernel packages fix security vulnerability

2019-06-21 04:07:01

Updated kernel-tmb packages fix security vulnerability

2019-06-21 04:07:01

Updated kernel-linus packages fix security vulnerability

2019-06-21 04:07:01

ics

Siemens Industrial Products (Update R)

2022-05-12 12:00:00

Hitachi Energy AFF66x

2023-08-22 12:00:00

paloalto

Information about TCP SACK Panic Findings in PAN-OS

2019-06-27 00:00:00

qualysblog

July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns

2019-07-09 18:12:39

altlinux

Security fix for the ALT Linux 9 package kernel-image-tegra version 4.9.140-alt2

2019-07-10 00:00:00

osv

linux - security update

2019-06-17 00:00:00

debian

[SECURITY] [DLA 1823-1] linux security update

2019-06-17 23:42:52

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0240

2019-06-20 00:00:00

suse

Security update for the Linux Kernel (important)

2019-06-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Related for HUAWEI-SA-20191225-01-KERNEL