An integer overflow has been discovered in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A sequence of SACKs may be crafted such that one can trigger a kernel panic. A remote attacker could use this to cause a denial of service (system crash).
https://www.openwall.com/lists/oss-security/2019/06/17/5
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
Workaround:

    $ sudo sysctl -w net.ipv4.tcp_sack=0
    net.ipv4.tcp_sack = 0

IMPORTANT: The sysctl modification shown above is not persistent across reboots.
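Because the workaround is lost on reboot, a host can look mitigated at runtime while its configuration files still leave SACK enabled. The following audit script is an added example, not part of the advisory: the function names are hypothetical, and it assumes a simplified precedence in which the sysctl files are read in the order given and the last assignment wins.

```shell
# Added example: audit the tcp_sack workaround. Paths are parameters so the
# functions can also be run against test fixtures.

# Print disabled/enabled/unknown for the live kernel setting.
runtime_sack_state() {
    f="${1:-/proc/sys/net/ipv4/tcp_sack}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Print disabled/enabled/unset for the persistent setting.
# Assumption: files are read in the order given and the last assignment wins.
persistent_sack_state() {
    [ "$#" -gt 0 ] || set -- /etc/sysctl.d/*.conf /etc/sysctl.conf
    # Matches "net.ipv4.tcp_sack = N" (or the net/ipv4/tcp_sack spelling).
    re='s/^[[:space:]]*net[./]ipv4[./]tcp_sack[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p'
    val=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n "$re" "$f" | tail -n 1)
        if [ -n "$v" ]; then val="$v"; fi
    done
    case "$val" in
        0) echo disabled ;;
        "") echo unset ;;
        *) echo enabled ;;   # any non-zero value is treated as enabled
    esac
}

# Print a one-line summary; succeed only if the workaround is active now
# and will still be active after a reboot.
audit_sack() {
    proc="${1:-/proc/sys/net/ipv4/tcp_sack}"
    if [ "$#" -gt 0 ]; then shift; fi
    r=$(runtime_sack_state "$proc")
    p=$(persistent_sack_state "$@")
    echo "runtime=$r persistent=$p"
    [ "$r" = disabled ] && [ "$p" = disabled ]
}
```

Calling `audit_sack` with no arguments checks the live system; a result of `runtime=disabled persistent=unset` means the workaround will disappear at the next reboot.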