CVE-2019-11683

2019-05-0200:00:00

ubuntu.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

90.4%

JSON

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x
before 5.0.13 allows remote attackers to cause a denial of service
(slab-out-of-bounds memory corruption) or possibly have unspecified other
impact via UDP packets with a 0 payload, because of mishandling of padded
packets, aka the “GRO packet of death” issue.

Notes

Author	Note
tyhicks	The receiving socket has to have the UDP_GRO socket option explicitly enabled with a call to setsockopt(2). UDP sockets are not vulnerable to this attack by default.

OSVersionArchitecturePackageVersionFilename
ubuntu19.04noarchlinux< 5.0.0-15.16UNKNOWN
ubuntu19.04noarchlinux-aws< 5.0.0-1006.6UNKNOWN
ubuntu19.04noarchlinux-azure< 5.0.0-1006.6UNKNOWN
ubuntu19.04noarchlinux-gcp< 5.0.0-1006.6UNKNOWN
ubuntu19.04noarchlinux-kvm< 5.0.0-1006.6UNKNOWN
ubuntu19.04noarchlinux-raspi2< 5.0.0-1008.8UNKNOWN
ubuntu19.04noarchlinux-snapdragon< 5.0.0-1012.12UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	19.04	noarch	linux	< 5.0.0-15.16	UNKNOWN
ubuntu	19.04	noarch	linux-aws	< 5.0.0-1006.6	UNKNOWN
ubuntu	19.04	noarch	linux-azure	< 5.0.0-1006.6	UNKNOWN
ubuntu	19.04	noarch	linux-gcp	< 5.0.0-1006.6	UNKNOWN
ubuntu	19.04	noarch	linux-kvm	< 5.0.0-1006.6	UNKNOWN
ubuntu	19.04	noarch	linux-raspi2	< 5.0.0-1008.8	UNKNOWN
ubuntu	19.04	noarch	linux-snapdragon	< 5.0.0-1012.12	UNKNOWN