CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The kernel is vulnerable to denial of service. An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes in size. To process SACK blocks efficiently, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable that holds the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with a small TCP MSS value, resulting in a denial of service (DoS).