CVE-2019-11477

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

CVSS v3.0 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md	Patch Third Party Advisory
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic	Mitigation Third Party Advisory
https://access.redhat.com/security/vulnerabilities/tcpsack	Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff	Mailing List Patch Vendor Advisory
https://support.f5.com/csp/article/K78234183	Third Party Advisory
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html	Third Party Advisory VDB Entry
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193	Third Party Advisory
https://www.kb.cert.org/vuls/id/905115	Third Party Advisory US Government Resource
http://www.openwall.com/lists/oss-security/2019/06/20/3	Mailing List Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_28	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190625-0001/	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1594	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1602	Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10287	Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/28/2	Mailing List Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2019-0010.html	Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/06/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/06/4	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1699	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf	Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-253-03	Third Party Advisory US Government Resource
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html	Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2019/10/24/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/10/29/3	Mailing List Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller:15.0.0:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:::::::*

Configuration 7 (hide)

OR	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:::::::*

Configuration 8 (hide)

OR	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:::::::*

Configuration 9 (hide)

OR	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:::::::*

Configuration 10 (hide)

OR	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:::::::*

Configuration 11 (hide)

OR	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:::::::*

Configuration 12 (hide)

OR	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics:15.0.0:::::::*

Configuration 13 (hide)

OR	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:::::::*

Configuration 14 (hide)

OR	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:::::::*

Configuration 15 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

Configuration 16 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:::::::*
	cpe:2.3:o:redhat:enterprise_mrg:2.0:::::::*

Configuration 17 (hide)

OR	cpe:2.3:a:pulsesecure:pulse_policy_secure:-:::::::*
	cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:::::::*
	cpe:2.3:a:pulsesecure:pulse_connect_secure:-:::::::*

Configuration 18 (hide)

cpe:2.3:a:f5:traffix_sdc:*:*:*:*:*:*:*:*

Information

Published : 2019-06-18 17:15

Updated : 2023-01-17 13:28

NVD link : CVE-2019-11477

Mitre link : CVE-2019-11477

JSON object : View

CWE

CWE-190

Integer Overflow or Wraparound

Products Affected

pulsesecure

pulse_policy_secure
pulse_secure_virtual_application_delivery_controller
pulse_connect_secure

big-ip_edge_gateway
big-ip_webaccelerator
big-ip_application_security_manager
big-ip_fraud_protection_service
big-ip_global_traffic_manager
big-ip_link_controller
big-ip_domain_name_system
big-ip_advanced_firewall_manager
big-ip_access_policy_manager
traffix_sdc
big-ip_local_traffic_manager
big-ip_application_acceleration_manager
big-ip_analytics
big-ip_policy_enforcement_manager

canonical

ubuntu_linux

linux

linux_kernel

redhat

enterprise_mrg
enterprise_linux
enterprise_linux_atomic_host
enterprise_linux_aus
enterprise_linux_eus

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2019-11477

7.5^/10

7.8^/10

Attach tags to `CVE-2019-11477`