Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-11478
HistoryJun 17, 2019 - 12:00 a.m.

CVE-2019-11478

2019-06-1700:00:00
ubuntu.com
ubuntu.com
21

0.967 High

EPSS

Percentile

99.7%

Jonathan Looney discovered that the TCP retransmission queue implementation
in tcp_fragment in the Linux kernel could be fragmented when handling
certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker
could use this to cause a denial of service. This has been fixed in stable
kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed
in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Bugs

Notes

Author Note
tyhicks This vulnerability results in exhausted CPU resources on kernels < 4.15 This vulnerability results in exhausted kernel memory on kernels >= 4.15
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-52.56UNKNOWN
ubuntu18.10noarchlinux< 4.18.0-22.23UNKNOWN
ubuntu19.04noarchlinux< 5.0.0-17.18UNKNOWN
ubuntu14.04noarchlinux< 3.13.0-171.222) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchlinux< 4.4.0-151.178UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1041.43UNKNOWN
ubuntu18.10noarchlinux-aws< 4.18.0-1018.20UNKNOWN
ubuntu19.04noarchlinux-aws< 5.0.0-1008.8UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1046.50) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1085.96UNKNOWN
Rows per page:
1-10 of 471