Lucene search

Veracode Vulnerability DatabaseVERACODE:20585

HistoryJun 24, 2019 - 12:20 a.m.

Denial Of Service (DoS)

2019-06-2400:20:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

kernel is vulnerable to denial of service. The TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences, allowing a remote attacker to cause a denial of service condition in the kernel.

CPENameOperatorVersion
kerneleq2.6.32__696.1.1.bgq.el6
kerneleq2.6.32__220.4.4.bgq.el6
kerneleq2.6.32__696.28.1.el6
kerneleq2.6.32__358.6.1.el6
kerneleq3.10.0__693.el7
kerneleq2.6.32__431.40.2.el6
kerneleq2.6.32__642.6.2.el6
kerneleq3.10.0__957.1.3.el7
kerneleq2.6.32__131.17.1.el6
kerneleq2.6.32__642.3.1.el6

Name	Operator	Version
kernel	eq	2.6.32__696.1.1.bgq.el6
kernel	eq	2.6.32__220.4.4.bgq.el6
kernel	eq	2.6.32__696.28.1.el6
kernel	eq	2.6.32__358.6.1.el6
kernel	eq	3.10.0__693.el7
kernel	eq	2.6.32__431.40.2.el6
kernel	eq	2.6.32__642.6.2.el6
kernel	eq	3.10.0__957.1.3.el7
kernel	eq	2.6.32__131.17.1.el6
kernel	eq	2.6.32__642.3.1.el6

Rows per page:

1-10 of 3331

References

packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html

packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html

packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt

www.openwall.com/lists/oss-security/2019/06/28/2

www.openwall.com/lists/oss-security/2019/07/06/3

www.openwall.com/lists/oss-security/2019/07/06/4

www.openwall.com/lists/oss-security/2019/10/24/1

www.openwall.com/lists/oss-security/2019/10/29/3

www.vmware.com/security/advisories/VMSA-2019-0010.html

access.redhat.com/errata/RHSA-2019:1490

access.redhat.com/errata/RHSA-2019:1594

access.redhat.com/errata/RHSA-2019:1602

access.redhat.com/errata/RHSA-2019:1699

access.redhat.com/security/updates/classification/#important

access.redhat.com/security/vulnerabilities/tcpsack

cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf

git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e

github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193

kc.mcafee.com/corporate/index?page=content&id=SB10287

psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007

seclists.org/bugtraq/2019/Jul/30

security.netapp.com/advisory/ntap-20190625-0001/

support.f5.com/csp/article/K26618426

wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic

www.kb.cert.org/vuls/id/905115

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.synology.com/security/advisory/Synology_SA_19_28

www.us-cert.gov/ics/advisories/icsa-19-253-03

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Denial Of Service (DoS)

References

Related