PT-2019-2417 · Linux+7 · Linux Kernel+7

Jonathan Looney · Published 2019-05-18 · Updated 2024-12-20 · CVE-2019-11478

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.4.182
Linux kernel versions prior to 4.9.182
Linux kernel versions prior to 4.14.127
Linux kernel versions prior to 4.19.52
Linux kernel versions prior to 5.1.11

Description

The issue is related to the TCP retransmission queue implementation in the Linux kernel when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could exploit this to cause a denial of service by sending a specially crafted sequence of SACK packets, leading to resource exhaustion.

Recommendations

For Linux kernel versions prior to 4.4.182, update to version 4.4.182 or later.
For Linux kernel versions prior to 4.9.182, update to version 4.9.182 or later.
For Linux kernel versions prior to 4.14.127, update to version 4.14.127 or later.
For Linux kernel versions prior to 4.19.52, update to version 4.19.52 or later.
For Linux kernel versions prior to 5.1.11, update to version 5.1.11 or later.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2116
ALT-PU-2019-2117
ALT-PU-2019-2120
ALT-PU-2019-2134
ALT-PU-2019-2136
ALT-PU-2019-2156
ALT-PU-2019-2157
ALT-PU-2019-2180
ALT-PU-2019-2213
ALT-PU-2019-2234
ALT-PU-2019-2311
ALT-PU-2019-2366
ALT-PU-2019-2377
ALT-PU-2019-2382
ALT-PU-2019-2401
ALT-PU-2019-2465
ALT-PU-2019-2481
ALT-PU-2019-3128
ALT-PU-2019-3138
ALT-PU-2020-1025
ALT-PU-2020-1028
ALT-PU-2020-1070
ALT-PU-2020-1138
ALT-PU-2020-1139
ALT-PU-2020-1140
ALT-PU-2020-1147
ALT-PU-2020-1148
ALT-PU-2021-1745
BDU:2019-02195
CESA-2019_1479
CESA-2019_1480
CESA-2019_1481
CESA-2019_1488
CVE-2019-11478
DLA-1823-1
DLA-1824-1
DLA-1862-1
DSA-4465-1
DSA-4484-1
MGASA-2019-0195
MGASA-2019-0196
MGASA-2019-0197
OPENSUSE-SU-2019:1571-1
OPENSUSE-SU-2019:1579-1
OPENSUSE-SU-2019_1570-1
OPENSUSE-SU-2019_1571-1
OPENSUSE-SU-2019_1579-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2019:1479
RHSA-2019:1480
RHSA-2019:1481
RHSA-2019:1482
RHSA-2019:1483
RHSA-2019:1484
RHSA-2019:1485
RHSA-2019:1486
RHSA-2019:1487
RHSA-2019:1488
RHSA-2019:1489
RHSA-2019:1490
RHSA-2019:1594
RHSA-2019:1602
RHSA-2019:1699
RHSA-2019_1479
RHSA-2019_1480
RHSA-2019_1481
RHSA-2019_1486
RHSA-2019_1488
SUSE-SU-2019:14089-1
SUSE-SU-2019:1527-1
SUSE-SU-2019:1529-1
SUSE-SU-2019:1530-1
SUSE-SU-2019:1532-1
SUSE-SU-2019:1533-1
SUSE-SU-2019:1534-1
SUSE-SU-2019:1535-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:1581-1
SUSE-SU-2019:1588-1
SUSE-SU-2019:1668-1
SUSE-SU-2019:1671-1
SUSE-SU-2019:1674-1
SUSE-SU-2019:1692-1
SUSE-SU-2019:1851-1
SUSE-SU-2019:1855-1
SUSE-SU-2019:1882-1
SUSE-SU-2019:1888-1
SUSE-SU-2019:1889-1
SUSE-SU-2019:1924-1
SUSE-SU-2019:1935-1
SUSE-SU-2019:1948-1
SUSE-SU-2019:2069-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2450-1
SUSE-SU-2019:2821-1
SUSE-SU-2019_14089-1
SUSE-SU-2019_1935-1
USN-4017-1
USN-4017-2

Affected Products

Alt Linux
CentOS
Check Point Gaia
Linux Kernel
Red Hat
SUSE
Ubuntu
VMware vCenter