CVE-2019-11477 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Denial of service
Description	An integer overflow has been discovered in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A sequence of SACKs may be crafted such that one can trigger a kernel panic. A remote attacker could use this to cause a denial of service (system crash).

Group	Package	Affected	Fixed	Severity	Status
AVG-986	linux-hardened	5.1.10.a-1	5.1.11.a-1	High	Fixed
AVG-985	linux-zen	5.1.10.zen1-1	5.1.11.zen1-1	High	Fixed
AVG-984	linux-lts	4.19.51-1	4.19.52-1	High	Fixed
AVG-983	linux	5.1.10.arch1-1	5.1.11.arch1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
18 Jun 2019	ASA-201906-15	AVG-985	linux-zen	High	denial of service
18 Jun 2019	ASA-201906-14	AVG-984	linux-lts	High	denial of service
18 Jun 2019	ASA-201906-13	AVG-983	linux	High	denial of service
17 Jun 2019	ASA-201906-12	AVG-986	linux-hardened	High	denial of service

References
https://www.openwall.com/lists/oss-security/2019/06/17/5 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md https://access.redhat.com/security/vulnerabilities/tcpsack https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff

References

https://www.openwall.com/lists/oss-security/2019/06/17/5
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://access.redhat.com/security/vulnerabilities/tcpsack
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff

Notes
Workaround: $ sudo sysctl -w net.ipv4.tcp_sack=0 net.ipv4.tcp_sack = 0 IMPORTANT: The sysctl modification shown above is not persistent across reboots