
CVE-2019-11478

Published: 19/06/2019 Updated: 20/10/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A vulnerability in the Linux Kernel could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a resource consumption condition that could occur when the affected software processes TCP Selective Acknowledgment (SACK) segments. An attacker could exploit this vulnerability by repeatedly sending network traffic to the targeted system on a TCP connection with low TCP Maximum Segment Size (MSS). A successful exploit could cause the targeted system to crash, resulting in a DoS condition. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. Kernel.org has confirmed the vulnerability and released software updates.

Vendor Advisories

Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
The system could be made to crash if it received specially crafted network traffic ...
Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios For the oldstable distribution (stretch), this problem has been fixed in version 49168-1+deb9u4 For the s ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 75 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Impact: Moderate Public Date: 2019-06-17 CWE: CWE-400 Bugzilla: 1719128: CVE-2019-11478 Kernel: tcp: ex ...
Synopsis Important: redhat-virtualization-host security and enhancement update Type/Severity Security Advisory: Important Topic An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a sec ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important A Comm ...
An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, which leads to increased resource utilization to traverse and process these fragments as ...
CVE-2019-11477 , CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system The latest Amazon Linux AMIs as available in AWS EC2 already contain these kernels and are not vulnerable ...
Arch Linux Security Advisory ASA-201906-12 ========================================== Severity: High Date : 2019-06-17 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux-hardened Type : denial of service Remote : Yes Link : securityarchlinuxorg/AVG-986 Summary ======= The package linux-hardened before vers ...
Arch Linux Security Advisory ASA-201906-14 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux-lts Type : denial of service Remote : Yes Link : securityarchlinuxorg/AVG-984 Summary ======= The package ...
Arch Linux Security Advisory ASA-201906-13 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux Type : denial of service Remote : Yes Link : securityarchlinuxorg/AVG-983 Summary ======= The pa ...
Arch Linux Security Advisory ASA-201906-15 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Package : linux-zen Type : denial of service Remote : Yes Link : securityarchlinuxorg/AVG-985 Summary ======= The package ...
There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible (CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479) An exploit of these vulnerabilities could allow a remote attacker to cause a denial of service condition ...
There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ V840 and FlashSystem V9000 are susceptible (CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479) An exploit of these vulnerabilities could allow a remote attacker to cause a denial of service condition ...
Multiple denial of service vulnerabilities have been identified in the Citrix SD-WAN Appliance and Citrix SD-WAN Center Management Console These vulnerabilities could permit a remote attacker to cause a denial of service by causing a host crash or by causing reduced service capacity due to resource exhaustion The vulnerabilities have been assigne ...
CVE-2019-11477 , CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system The latest Amazon Linux 2 AMIs as available in AWS EC2 already contain these kernels and are not vulnerable ...
IBM Cloud Kubernetes Service is vulnerable to CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 Linux Kernel security vulnerabilities which could result in a denial of service attack ...
Power Hardware Management Console is affected by security vulnerabilities in the Linux Kernel Power Hardware Management Console has addressed the applicable CVEs ...
Oracle Linux Bulletin - July 2019 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Pa ...
Debian Bug report logs - #928989 linux-image-4190-4-amd64: CVE-2019-11815 Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Jeff Cliff <jeffreycliff@gmailcom> Date: Tue, 14 May 2019 18:39:01 UTC Severity: important Tags: security Found in versions l ...
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products Publication Date: 2019-09-10 Last Update: 2019-09-10 Current Version: 10 CVSS v30 Base Score: 75 SUMMARY ======= Multiple industrial products are affected by a vulnerability in the kernel kn ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 80 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important A Common V ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2019-3846 , CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of ar ...
The updates indicated below have been released to address the following vulnerabilities: OpenSSL vulnerabilities – CVE-2019-1559, CVE-2018-0734 Linux Kernel vulnerabilities – CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 ...
CVE-2019-11477: The Linux kernel is vulnerable to an integer overflow in the 16 bit width of  TCP_SKB_CB(skb)->tcp_gso_segs  A remote attacker could use this to cause a denial of service  CVE-2019-11478:The Linux kernel is vulnerable to a flaw that allows attackers to send a crafted sequence of SACKs which will fragment the TCP retransmissi ...
Multiple vulnerabilities affect IBM Cloud Object Storage Systems These vulnerabilities have been addressed in the latest ClevOS releases ...
IBM Netezza Host Management is affected by the vulnerabilities known as Intel Microarchitectural Data Sampling (MDS) There are Microarchitectural (hardware) implementation issues that could allow an unprivileged local attacker to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise ...
Multiple vulnerabilities in the Linux Kernel such as denial of service, elevation of privileges, execution of arbitrary code on the system, and the ability to obtain sensitive information affect IBM Spectrum Protect Plus UPDATED: 11 September 2019 to add CVE-2019-15925 ...
Multiple Security vulnerabilities have been fixed and delivered in IBM Security Access Manager Appliance ...
AT&T has released versions 1801-za for the Vyatta 5600 Details of these releases can be found at cloudibmcom/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches ...
Palo Alto Networks is aware of recent vulnerability disclosures known as TCP SACK Panic vulnerabilities (Ref: PAN-119745/ CVE-2019-5599, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) ...
IBM Security Privileged Identity Manager has addressed the following security vulnerabilities ...

Mailing Lists

Debian Security Advisory DSA-4484-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso July 20, 2019 wwwdebianorg/security/faq ...
Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities The most serious, dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent Linux kernels There are patc ...
Debian Security Advisory DSA-4465-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso June 17, 2019 wwwdebianorg/security/faq ...
On Fri, Jun 28, 2019 at 02:57:43PM +0200, Solar Designer wrote: True, but we care about more than just the kernel side of things Can I suggest that we fork the discussion around security-bugsrst to LKML? I can suggest an initial patch to address your comments here but I think that this is better handled on LKML My concern with Monday is ...

Github Repositories

Articles about Linux

docLinux Resizing the root LVM partition Logging console output Redirections OOM killer mount - examples Kernel swap daemon (kswapd) Making the OOM killer ignore a process How to view active proce

Frankfurt Freifunk Firmware Firmware Branches Stable The current stable firmware The releases are based on the Git tags, which can be found at githubcom/freifunk-ffm/site-ffffm/releases If you want to build a stable firmware yourself, you must check out the corresponding tag and build it using "/cish" RC A release candidate firmware is a

Asuswrt-Merlin 384/NG Changelog 38418 (28-June-2020) NOTE: A number of changes for some models are not backward compatible with previous versions Downgrading to a previous release will require a factory default reset afterward in many cases UPDATED: Merged GPL 384_8563 for AX models UPDATED: Merged GPL 384_81918 for mainline models UPDATED: Merged SDK + binary blobs 384_

Kaosagnt's Ansible Everyday Utils

Kaosagnt's Ansible Everyday Utils This project contains many of the Ansible playbooks that I use daily as a Systems Administrator in the pursuit of easy server task automation Installation You will need to setup and install Ansible like you normally would before using what is presented here Hint: it uses ansible wwwansiblecom Optional: Create an ansible-everyd

Recent Articles

Microsoft Patches A Pair of Zero-Days Under Active Attack
Threatpost • Tara Seals • 09 Jul 2019

Microsoft has addressed 77 vulnerabilities in its July Patch Tuesday update, with 15 of them rated as critical and two known to be under active exploit; and Adobe issued a small group of updates, with surprisingly none for Acrobat Reader or Flash.
Eleven of the critical bugs are for scripting engines and browsers, and the four others affect the DHCP Server, GDI+, the .NET Framework and the Azure DevOps Server/Team Foundation Server.
“Scripting engine, browser, GDI+, and .NET Framew...

Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline
Threatpost • Tara Seals • 18 Jun 2019

Multiple TCP-based remote denial-of-service vulnerabilities have been uncovered in the FreeBSD and Linux kernels by Netflix researchers. Exploitation would interrupt TCP connections and therefore streaming content flows to vulnerable Linux-based PCs (putting a crimp in binge-watching, for instance). Attackers could also disable connections to vulnerable Linux-powered internet of things gadgets, taking them offline.
First up, three related flaws denial-of-service (DoS) were found in the Lin...

Sad SACK: Linux PCs, servers, gadgets can be crashed by 'Ping of Death' network packets
The Register • Shaun Nichols in San Francisco • 17 Jun 2019

Don't let miscreants play hacky-SACK with your gear. Apply these mitigations, patches now if you can

It is possible to crash network-facing Linux servers, PCs, smartphones and tablets, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper FreeBSD machines with the same attack.
Given that Linux powers an incredible amount of stuff these days, anything from network or internet-connected TVs, routers, thermostats, light switches, CCTV cameras, and robot vacuum cleaners, to servers, PCs, Android and ChromeOS...

Multiple Linux and FreeBSD DoS Vulnerabilities Found by Netflix
BleepingComputer • Sergiu Gatlan • 17 Jun 2019

A denial of service flaw found in the way recent Linux and FreeBSD kernels handle TCP networking can be exploited by remote attackers to trigger a kernel panic in vulnerable systems.
In all, Netflix Information Security's Jonathan Looney found three Linux vulnerabilities, two related to "the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities," and one related only to MSS, with the most serious one named SACK Panic being the one that can cause affected system...

References

CWE-400
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.openwall.com/lists/oss-security/2019/10/24/1
http://www.openwall.com/lists/oss-security/2019/10/29/3
http://www.vmware.com/security/advisories/VMSA-2019-0010.html
https://access.redhat.com/errata/RHSA-2019:1594
https://access.redhat.com/errata/RHSA-2019:1602
https://access.redhat.com/errata/RHSA-2019:1699
https://access.redhat.com/security/vulnerabilities/tcpsack
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
https://kc.mcafee.com/corporate/index?page=content&id=SB10287
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
https://seclists.org/bugtraq/2019/Jul/30
https://security.netapp.com/advisory/ntap-20190625-0001/
https://support.f5.com/csp/article/K26618426
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
https://www.kb.cert.org/vuls/id/905115
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.synology.com/security/advisory/Synology_SA_19_28
https://www.us-cert.gov/ics/advisories/icsa-19-253-03
https://www.securityfocus.com/bid/108798
http://tools.cisco.com/security/center/viewAlert.x?alertId=60347
https://nvd.nist.gov
https://usn.ubuntu.com/4017-1/