Lucene search

K
mscveMicrosoftMS:ADV190020
HistoryJun 28, 2019 - 7:00 a.m.

Linux Kernel TCP SACK Denial of Service Vulnerability

2019-06-2807:00:00
Microsoft
msrc.microsoft.com
47

0.973 High

EPSS

Percentile

99.9%

Executive Summary

Known vulnerabilities exist in the Linux kernel. These vulnerabilities are documented by the following CVEs: CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479.

The purpose of this advisory is to explain the various effects of these vulnerabilities and to provide links to more information.

  1. If you are running a Linux kernel in your Azure environment, you should contact the provider of that Linux kernel to understand their recommendation for protecting your installation. See below for a list of popular providers.
  2. If you are using Azure Sphere for an IoT product, please see Azure Sphere <https://azure.microsoft.com/en-us/updates/update-19-06-for-azure-sphere-public-preview-now-available-for-evaluation/&gt;
  3. If you are using Azure Kubernetes Service, please see <https://github.com/Azure/AKS/issues/1065&gt;
  4. If you are using HD Insight, please see <https://azure.microsoft.com/en-us/updates/security-advisory-on-linux-kernel-tcp-vulnerabilities-for-hdinsight-clusters/&gt;