12 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003576)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003576 advisory. Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selectiv...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000297)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000297 advisory. Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments...
Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11479)
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
Sprecher Automation SPRECON-E TCP SACK PANIC (CVE-2019-11477)
Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
F5 Networks BIG-IP : Linux SACK Slowness vulnerability (K26618426)
Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment SACK sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...
CVE-2019-11477
Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
Integer overflow
Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
CVE-2019-11477 Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs
Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
CVE-2019-11477
Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2019-4689)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4689 advisory. - tcp: enforce tcpminsndmss in tcpmtuprobing Eric Dumazet Orabug: 29886601 CVE-2019-11477 - tcp: add tcpminsndmss sysctl Eric Dumazet Orabug:...
CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
CVE-2019-11478
Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment SACK sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...