CVE-2019-11477

Source
Severity High
Remote Yes
Type Denial of service
Description
An integer overflow has been discovered in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A sequence of SACKs may be crafted such that one can trigger a kernel panic. A remote attacker could use this to cause a denial of service (system crash).
Group Package Affected Fixed Severity Status Ticket
AVG-986 linux-hardened 5.1.10.a-1 5.1.11.a-1 High Fixed
AVG-985 linux-zen 5.1.10.zen1-1 5.1.11.zen1-1 High Fixed
AVG-984 linux-lts 4.19.51-1 4.19.52-1 High Fixed
AVG-983 linux 5.1.10.arch1-1 5.1.11.arch1-1 High Fixed
Date Advisory Group Package Severity Description
18 Jun 2019 ASA-201906-15 AVG-985 linux-zen High denial of service
18 Jun 2019 ASA-201906-14 AVG-984 linux-lts High denial of service
18 Jun 2019 ASA-201906-13 AVG-983 linux High denial of service
17 Jun 2019 ASA-201906-12 AVG-986 linux-hardened High denial of service
References
https://www.openwall.com/lists/oss-security/2019/06/17/5
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://access.redhat.com/security/vulnerabilities/tcpsack
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
Notes
Workaround:

$ sudo sysctl -w net.ipv4.tcp_sack=0
net.ipv4.tcp_sack = 0

IMPORTANT: The sysctl modification shown above is not persistent across reboots