CVE-2019-11477

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.4.182 Linux kernel versions prior to 4.9.182 Linux kernel versions prior to 4.14.127 Linux kernel versions prior to 4.19.52 Linux kernel versions prior to 5.1.11

Description The issue is related to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service by sending a specially crafted sequence of SACK packets. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. The vulnerability is related to the TCP SKB CB(skb)->tcp gso segs value.

Recommendations For Linux kernel versions prior to 4.4.182, update to version 4.4.182 or later. For Linux kernel versions prior to 4.9.182, update to version 4.9.182 or later. For Linux kernel versions prior to 4.14.127, update to version 4.14.127 or later. For Linux kernel versions prior to 4.19.52, update to version 4.19.52 or later. For Linux kernel versions prior to 5.1.11, update to version 5.1.11 or later. As a temporary workaround, consider restricting the use of TCP Selective Acknowledgments (SACKs) until a patch is available.