CVE-2019-11477
Summary
| CVE | CVE-2019-11477 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-06-19 00:15:00 UTC |
| Updated | 2023-08-16 14:17:00 UTC |
| Description | Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. |
Risk And Classification
Problem Types: CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.04 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | All | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | All | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | All | All | All | All |
| Application | F5 | Big-ip Access Policy Manager | All | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | All | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | All | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | All | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | All | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Analytics | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Analytics | All | All | All | All |
| Application | F5 | Big-ip Analytics | All | All | All | All |
| Application | F5 | Big-ip Analytics | All | All | All | All |
| Application | F5 | Big-ip Analytics | All | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | All | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | All | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | All | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | All | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Application Security Manager | All | All | All | All |
| Application | F5 | Big-ip Application Security Manager | All | All | All | All |
| Application | F5 | Big-ip Application Security Manager | All | All | All | All |
| Application | F5 | Big-ip Application Security Manager | All | All | All | All |
| Application | F5 | Big-ip Domain Name System | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Domain Name System | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Domain Name System | All | All | All | All |
| Application | F5 | Big-ip Domain Name System | All | All | All | All |
| Application | F5 | Big-ip Domain Name System | All | All | All | All |
| Application | F5 | Big-ip Domain Name System | All | All | All | All |
| Application | F5 | Big-ip Edge Gateway | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Edge Gateway | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Edge Gateway | All | All | All | All |
| Application | F5 | Big-ip Edge Gateway | All | All | All | All |
| Application | F5 | Big-ip Edge Gateway | All | All | All | All |
| Application | F5 | Big-ip Edge Gateway | All | All | All | All |
| Application | F5 | Big-ip Fraud Protection Service | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Fraud Protection Service | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Fraud Protection Service | All | All | All | All |
| Application | F5 | Big-ip Fraud Protection Service | All | All | All | All |
| Application | F5 | Big-ip Fraud Protection Service | All | All | All | All |
| Application | F5 | Big-ip Fraud Protection Service | All | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Link Controller | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Link Controller | All | All | All | All |
| Application | F5 | Big-ip Link Controller | All | All | All | All |
| Application | F5 | Big-ip Link Controller | All | All | All | All |
| Application | F5 | Big-ip Link Controller | All | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | All | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | All | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | All | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | All | All | All | All |
| Application | F5 | Big-ip Webaccelerator | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Webaccelerator | 15.0.0 | All | All | All |
| Application | F5 | Big-ip Webaccelerator | All | All | All | All |
| Application | F5 | Big-ip Webaccelerator | All | All | All | All |
| Application | F5 | Big-ip Webaccelerator | All | All | All | All |
| Application | F5 | Big-ip Webaccelerator | All | All | All | All |
| Application | F5 | Traffix Sdc | All | All | All | All |
| Application | F5 | Traffix Signaling Delivery Controller | All | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Application | Pulsesecure | Pulse Connect Secure | - | All | All | All |
| Application | Pulsesecure | Pulse Connect Secure | - | All | All | All |
| Application | Pulsesecure | Pulse Policy Secure | - | All | All | All |
| Application | Pulsesecure | Pulse Policy Secure | - | All | All | All |
| Application | Pulsesecure | Pulse Secure Virtual Application Delivery Controller | - | All | All | All |
| Application | Pulsesecure | Pulse Secure Virtual Application Delivery Controller | - | All | All | All |
| Operating System | Redhat | Enterprise Linux | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Application | Redhat | Enterprise Linux Atomic Host | - | All | All | All |
| Application | Redhat | Enterprise Linux Atomic Host | - | All | All | All |
| Operating System | Redhat | Enterprise Linux Aus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Aus | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Aus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Aus | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 7.5 | All | All | All |
| Application | Redhat | Enterprise Mrg | 2.0 | All | All | All |
| Operating System | Redhat | Enterprise Mrg | 2.0 | All | All | All |
| Application | Redhat | Enterprise Mrg | 2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Linux Kernel TCP SACK Panic Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| kernel/git/netdev/net.git - Netdev Group's networking tree | MISC | git.kernel.org | Mailing List, Patch, Vendor Advisory |
| oss-security - Re: Membership application for linux-distros - VMware | MLIST | www.openwall.com | |
| Public KB - SA44193 - 2019-06: Out-of-Cycle Advisory: Multiple Linux Kernel and FreeBSD vulnerabilities | CONFIRM | kb.pulsesecure.net | Third Party Advisory |
| Siemens Industrial Products (Update G) | CISA | MISC | www.us-cert.gov | |
| www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt | CONFIRM | www.arubanetworks.com | |
| Oracle Critical Patch Update Advisory - October 2020 | MISC | www.oracle.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf | CONFIRM | cert-portal.siemens.com | |
| TCP SACK PANIC - Kernel vulnerabilities - CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479 - Red Hat Customer Portal | MISC | access.redhat.com | Third Party Advisory |
| oss-security - Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues | MLIST | www.openwall.com | |
| oss-security - Re: linux-distros membership application - Microsoft | MLIST | www.openwall.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| oss-security - Re: linux-distros membership application - Microsoft | MLIST | www.openwall.com | |
| Security Advisory | CONFIRM | psirt.global.sonicwall.com | |
| Security Advisory - Integer Overflow Vulnerability in the Linux Kernel (SACK Panic) | CONFIRM | www.huawei.com | |
| Synology Inc. | CONFIRM | www.synology.com | |
| support.f5.com/csp/article/K78234183 | CONFIRM | support.f5.com | Third Party Advisory |
| McAfee Security Bulletin – Updates for Linux kernel TCP Sad SACK vulnerability (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) | CONFIRM | kc.mcafee.com | |
| Kernel Live Patch Security Notice LSN-0058-1 ≈ Packet Storm | MISC | packetstormsecurity.com | |
| VMSA-2019-0010.1 | CONFIRM | www.vmware.com | |
| VU#905115 - Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels | CERT-VN | www.kb.cert.org | |
| Oracle Critical Patch Update Advisory - January 2020 | MISC | www.oracle.com | |
| SecurityTeam/KnowledgeBase/SACKPanic - Ubuntu Wiki | MISC | wiki.ubuntu.com | Mitigation, Third Party Advisory |
| oss-security - Re: linux-distros membership application - Microsoft | MLIST | www.openwall.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| oss-security - Membership application for linux-distros - VMware | MLIST | www.openwall.com | |
| Kernel Live Patch Security Notice LSN-0052-1 ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| security-bulletins/2019-001.md at master · Netflix/security-bulletins · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Jonathan Looney from Netflix
Legacy QID Mappings
- 610318 Google Android February 2021 Security Patch Missing for Huawei EMUI