An excessive resource consumption flaw was found in the way the Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel’s socket buffer (SKB) data structure becomes fragmented, which leads to increased resource utilization to traverse and process these fragments as further SACK segments are received on the same TCP connection. A remote attacker could use this flaw to cause a denial of service (DoS) by sending a crafted sequence of SACK segments on a TCP connection.

Mitigation

For mitigation, please refer to the Red Hat Knowledgebase article: <https://access.redhat.com/security/vulnerabilities/tcpsack>

References

bugzilla.redhat.com/show_bug.cgi?id=1719128

nvd.nist.gov/vuln/detail/CVE-2019-11478

patchwork.ozlabs.org/project/netdev/list/?series=114310

www.cve.org/CVERecord?id=CVE-2019-11478

www.openwall.com/lists/oss-security/2019/06/17/5

prion 1

veracode 1

f5 1

nessus 72

cve 1

debiancve 1

openvas 33

ubuntucve 1

citrix 2

virtuozzo 4

debian 4

vmware 2

cloudfoundry 1

ubuntu 2

fortinet 1

oraclelinux 10

attackerkb 1

ibm 18

arista 1

myhack58 1

mscve 1

archlinux 4

redhat 15

amazon 2

centos 2

checkpoint_security 1

fedora 2

symantec 1

paloalto 1

ics 1

threatpost 2

cert 1

zdt 1

mageia 3

qualysblog 1

altlinux 1

osv 1

photon 1

prion

Design/Logic Flaw

2019-06-19 00:15:00

veracode

Denial Of Service (DoS)

2019-06-24 00:20:42

K26618426 : Linux SACK Slowness vulnerability CVE-2019-11478

2019-06-19 00:00:00

nessus

F5 Networks BIG-IP : Linux SACK Slowness vulnerability (K26618426)

2019-09-25 00:00:00

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1935-1) (SACK Slowness)

2019-07-24 00:00:00

Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11478)

2023-10-03 00:00:00

cve

CVE-2019-11478

2019-06-19 00:15:00

debiancve

CVE-2019-11478

2019-06-19 00:15:00

openvas

SUSE: Security Advisory (SUSE-SU-2019:1935-1)

2021-04-19 00:00:00

Debian: Security Advisory (DSA-4484-1)

2019-07-21 00:00:00

Ubuntu: Security Advisory (USN-4017-1)

2019-06-18 00:00:00

ubuntucve

CVE-2019-11478

2019-06-17 00:00:00

citrix

Citrix Hypervisor Security Update.

2019-07-08 04:00:00

Citrix SD-WAN Security Update

2019-09-11 04:00:00

virtuozzo

Kernel update: Virtuozzo ReadyKernel patch 82.2 for Virtuozzo 7.0.8 HF1 and 7.0.10 HF1

2019-06-27 00:00:00

Important kernel security update: Virtuozzo ReadyKernel patch 82.0 for all supported Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5 kernels

2019-06-20 00:00:00

Important kernel security update: New kernel 2.6.32-042stab139.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

2019-06-20 00:00:00

debian

[SECURITY] [DSA 4484-1] linux security update

2019-07-20 14:34:14

[SECURITY] [DSA 4484-1] linux security update

2019-07-20 14:34:14

[SECURITY] [DLA 1862-1] linux security update

2019-07-23 17:32:58

vmware

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

2019-07-02 00:00:00

VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478)

2019-07-02 00:00:00

cloudfoundry

USN-4017-1: Linux kernel vulnerabilities | Cloud Foundry

2019-07-03 00:00:00

ubuntu

Linux kernel vulnerabilities

2019-06-17 00:00:00

Linux kernel vulnerabilities

2019-06-17 00:00:00

fortinet

TCP SACK panic attack- Linux Kernel Vulnerabilities- CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479

2019-11-29 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

Unbreakable Enterprise kernel security update

2019-06-17 00:00:00

kernel security update

2019-06-18 00:00:00

attackerkb

TCP SACK PANIC

2020-02-13 00:00:00

ibm

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477)

2020-01-29 16:27:06

Security Bulletin: Vulnerabilities in kernel affect Power Hardware Management Console (CVE-2019-11479,CVE-2019-11477 and CVE-2019-11478)

2021-09-22 23:38:15

Security Bulletin: IBM Security Guardium is affected by a TCP SACK PANIC -Kernel vulnerability

2020-10-06 20:36:57

arista

Security Advisory 0041

2019-07-02 00:00:00

myhack58

CVE-2019-11477: Linux kernel TCP SACK mechanism remote Dos early warning analysis-vulnerability warning-the black bar safety net

2019-06-19 00:00:00

mscve

Linux Kernel TCP SACK Denial of Service Vulnerability

2019-06-28 07:00:00

archlinux

[ASA-201906-14] linux-lts: denial of service

2019-06-18 00:00:00

[ASA-201906-15] linux-zen: denial of service

2019-06-18 00:00:00

[ASA-201906-12] linux-hardened: denial of service

2019-06-17 00:00:00

redhat

(RHSA-2019:1486) Important: kernel-rt security update

2019-06-17 19:45:06

(RHSA-2019:1481) Important: kernel security update

2019-06-17 17:31:05

(RHSA-2019:1602) Important: kernel-alt security update

2019-06-25 16:27:31

amazon

Critical: kernel

2019-06-13 21:37:00

Critical: kernel

2019-06-13 22:11:00

centos

bpftool, kernel, perf, python security update

2019-06-19 00:21:01

kernel, perf, python security update

2019-06-19 00:19:05

checkpoint_security

Check Point response to TCP SACK PANIC - Linux Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479

2019-06-18 05:16:31

fedora

[SECURITY] Fedora 30 Update: kernel-headers-5.1.11-300.fc30

2019-06-18 18:15:45

[SECURITY] Fedora 29 Update: kernel-headers-5.1.11-200.fc29

2019-06-18 21:19:41

symantec

Linux Kernel Vulnerabilities May-June 2019

2019-09-05 08:00:00

paloalto

Information about TCP SACK Panic Findings in PAN-OS

2019-06-27 00:00:00

ics

Siemens Industrial Products (Update R)

2022-05-12 12:00:00

threatpost

Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline

2019-06-18 18:43:50

Microsoft Patches A Pair of Zero-Days Under Active Attack

2019-07-09 20:04:36

cert

Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels

2019-06-20 00:00:00

zdt

Linux / FreeBSD TCP-Based Denial Of Service Vulnerability

2019-06-18 00:00:00

mageia

Updated kernel packages fix security vulnerability

2019-06-21 04:07:01

Updated kernel-tmb packages fix security vulnerability

2019-06-21 04:07:01

Updated kernel-linus packages fix security vulnerability

2019-06-21 04:07:01

qualysblog

July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns

2019-07-09 18:12:39

altlinux

Security fix for the ALT Linux 9 package kernel-image-tegra version 4.9.140-alt2

2019-07-10 00:00:00

osv

linux - security update

2019-06-17 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0240

2019-06-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.967 High

EPSS

Percentile

99.6%

JSON

Related for RH:CVE-2019-11478