CVE-2019-11477

Severity: High
Remote: Yes
Type: Denial of service
An integer overflow has been discovered in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A sequence of SACKs may be crafted such that one can trigger a kernel panic. A remote attacker could use this to cause a denial of service (system crash).
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-986 | linux-hardened | 5.1.10.a-1 | 5.1.11.a-1 | High | Fixed | |
| AVG-985 | linux-zen | 5.1.10.zen1-1 | 5.1.11.zen1-1 | High | Fixed | |
| AVG-984 | linux-lts | 4.19.51-1 | 4.19.52-1 | High | Fixed | |
| AVG-983 | linux | 5.1.10.arch1-1 | 5.1.11.arch1-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 18 Jun 2019 | ASA-201906-15 | AVG-985 | linux-zen | High | denial of service |
| 18 Jun 2019 | ASA-201906-14 | AVG-984 | linux-lts | High | denial of service |
| 18 Jun 2019 | ASA-201906-13 | AVG-983 | linux | High | denial of service |
| 17 Jun 2019 | ASA-201906-12 | AVG-986 | linux-hardened | High | denial of service |

$ sudo sysctl -w net.ipv4.tcp_sack=0
net.ipv4.tcp_sack = 0

IMPORTANT: The sysctl modification shown above is not persistent across reboots.
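
The script below is an added example, not part of the original advisory. It checks a package version against the fixed versions in the table above and reports whether tcp_sack=0 is set at runtime and in a persistent drop-in. The function names, the use of sort -V in place of pacman's vercmp, and the single /etc/sysctl.d directory are assumptions of the example.

```sh
#!/bin/sh
# Added example: fixed versions below are copied from this page's table.
fixed_version() {
    case "$1" in
        linux)          echo "5.1.11.arch1-1" ;;
        linux-lts)      echo "4.19.52-1" ;;
        linux-zen)      echo "5.1.11.zen1-1" ;;
        linux-hardened) echo "5.1.11.a-1" ;;
        *)              return 1 ;;
    esac
}

# 0 = installed version sorts before the fix, 1 = fix present, 2 = unknown package.
# Assumption: sort -V stands in for pacman's vercmp, which is authoritative on Arch.
needs_update() {
    fixed=$(fixed_version "$1") || return 2
    if [ "$2" = "$fixed" ]; then return 1; fi
    lowest=$(printf '%s\n%s\n' "$2" "$fixed" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# 0 if the running kernel has SACK disabled (lost at reboot, as the page notes).
sack_off_runtime() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/tcp_sack}" 2>/dev/null)" = "0" ]
}

# 0 if the last tcp_sack assignment in DIR/*.conf is 0. Files apply in name
# order, so a later drop-in can re-enable SACK. Simplification: one directory only.
sack_off_persistent() {
    last=""
    for f in "${1:-/etc/sysctl.d}"/*.conf; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*net\.ipv4\.tcp_sack[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then last=$v; fi
    done
    [ "$last" = "0" ]
}

# Usage: sh check.sh <package> <installed-version>
audit() {
    if needs_update "$1" "$2"; then echo "$1 $2: UPDATE NEEDED"; else echo "$1 $2: fixed or not listed"; fi
    if sack_off_runtime; then echo "runtime: tcp_sack=0"; else echo "runtime: SACK enabled"; fi
    if sack_off_persistent; then echo "persistent: tcp_sack=0"; else echo "persistent: not set"; fi
}
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```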