Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html cve-icon cve-icon
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html cve-icon cve-icon
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt cve-icon cve-icon
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/06/20/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/06/28/2 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/07/06/3 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/07/06/4 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/10/24/1 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2019/10/29/3 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2019-0010.html cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1594 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1602 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1699 cve-icon cve-icon
https://access.redhat.com/security/vulnerabilities/tcpsack cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf cve-icon cve-icon
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff cve-icon cve-icon
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md cve-icon cve-icon
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193 cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10287 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-11477 cve-icon
https://patchwork.ozlabs.org/project/netdev/list/?series=114310 cve-icon
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20190625-0001/ cve-icon cve-icon
https://support.f5.com/csp/article/K78234183 cve-icon cve-icon
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-11477 cve-icon
https://www.kb.cert.org/vuls/id/905115 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2019/06/17/5 cve-icon
https://www.oracle.com/security-alerts/cpujan2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2020.html cve-icon cve-icon
https://www.synology.com/security/advisory/Synology_SA_19_28 cve-icon cve-icon
https://www.us-cert.gov/ics/advisories/icsa-19-253-03 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2024-09-17T02:21:15.995Z

Reserved: 2019-04-23T00:00:00

Link: CVE-2019-11477

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-06-19T00:15:12.640

Modified: 2024-11-21T04:21:09.480

Link: CVE-2019-11477

cve-icon Redhat

Severity : Important

Publid Date: 2019-06-17T17:00:00Z

Links: CVE-2019-11477 - Bugzilla

cve-icon OpenCVE Enrichment

No data.