CVE-2019-11478

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
canonicalCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
linuxlinux_kernel
𝑥
< 4.4.182
linuxlinux_kernel
4.5 ≤
𝑥
< 4.9.182
linuxlinux_kernel
4.10 ≤
𝑥
< 4.14.127
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.52
linuxlinux_kernel
4.20 ≤
𝑥
< 5.1.11
f5big-ip_advanced_firewall_manager
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_advanced_firewall_manager
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_advanced_firewall_manager
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_advanced_firewall_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_advanced_firewall_manager
15.0.0
f5big-ip_access_policy_manager
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_access_policy_manager
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_access_policy_manager
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_access_policy_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_access_policy_manager
15.0.0
f5big-ip_application_acceleration_manager
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_application_acceleration_manager
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_application_acceleration_manager
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_application_acceleration_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_application_acceleration_manager
15.0.0
f5big-ip_link_controller
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_link_controller
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_link_controller
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_link_controller
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_link_controller
15.0.0
f5big-ip_policy_enforcement_manager
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_policy_enforcement_manager
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_policy_enforcement_manager
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_policy_enforcement_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_policy_enforcement_manager
15.0.0
f5big-ip_webaccelerator
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_webaccelerator
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_webaccelerator
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_webaccelerator
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_webaccelerator
15.0.0
f5big-ip_application_security_manager
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_application_security_manager
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_application_security_manager
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_application_security_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_application_security_manager
15.0.0
f5big-ip_local_traffic_manager
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_local_traffic_manager
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_local_traffic_manager
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_local_traffic_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_local_traffic_manager
15.0.0
f5big-ip_fraud_protection_service
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_fraud_protection_service
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_fraud_protection_service
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_fraud_protection_service
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_fraud_protection_service
15.0.0
f5big-ip_global_traffic_manager
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_global_traffic_manager
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_global_traffic_manager
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_global_traffic_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_global_traffic_manager
15.0.0
f5big-ip_analytics
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_analytics
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_analytics
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_analytics
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_analytics
15.0.0
f5big-ip_edge_gateway
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_edge_gateway
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_edge_gateway
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_edge_gateway
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_edge_gateway
15.0.0
f5big-ip_domain_name_system
11.5.2 ≤
𝑥
≤ 11.6.4
f5big-ip_domain_name_system
12.1.0 ≤
𝑥
≤ 12.1.4
f5big-ip_domain_name_system
13.1.0 ≤
𝑥
≤ 13.1.1
f5big-ip_domain_name_system
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_domain_name_system
15.0.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
canonicalubuntu_linux
19.04
redhatenterprise_linux_atomic_host
-
redhatenterprise_linux
5.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux_aus
6.5
redhatenterprise_linux_aus
6.6
redhatenterprise_linux_eus
7.4
redhatenterprise_linux_eus
7.5
redhatenterprise_mrg
2.0
ivanticonnect_secure
-
pulsesecurepulse_policy_secure
-
pulsesecurepulse_secure_virtual_application_delivery_controller
-
f5traffix_signaling_delivery_controller
5.0.0 ≤
𝑥
≤ 5.1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
sid
6.11.5-1
fixed
trixie
6.11.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
disco
Fixed 5.0.0-17.18
released
cosmic
Fixed 4.18.0-22.23
released
bionic
Fixed 4.15.0-52.56
released
xenial
Fixed 4.4.0-151.178
released
trusty
Fixed 3.13.0-171.222
released
linux-aws
disco
Fixed 5.0.0-1008.8
released
cosmic
Fixed 4.18.0-1018.20
released
bionic
Fixed 4.15.0-1041.43
released
xenial
Fixed 4.4.0-1085.96
released
trusty
Fixed 4.4.0-1046.50
released
linux-aws-hwe
disco
dne
cosmic
dne
bionic
dne
xenial
Fixed 4.15.0-1041.43~16.04.1
released
trusty
dne
linux-azure
disco
Fixed 5.0.0-1008.8
released
cosmic
Fixed 4.18.0-1020.20
released
bionic
Fixed 4.18.0-1020.20~18.04.1
released
xenial
Fixed 4.15.0-1047.51
released
trusty
Fixed 4.15.0-1047.51~14.04.1
released
linux-azure-edge
disco
dne
cosmic
dne
bionic
Fixed 4.18.0-1020.20~18.04.1
released
xenial
Fixed 4.15.0-1047.51
released
trusty
dne
linux-euclid
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-flo
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-gcp
disco
Fixed 5.0.0-1008.8
released
cosmic
Fixed 4.18.0-1013.14
released
bionic
Fixed 4.15.0-1034.36
released
xenial
Fixed 4.15.0-1034.36~16.04.1
released
trusty
dne
linux-gcp-edge
disco
dne
cosmic
dne
bionic
Fixed 4.18.0-1013.14~18.04.1
released
xenial
dne
trusty
dne
linux-gke
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-gke-4.15
disco
dne
bionic
Fixed 4.15.0-1034.36
released
xenial
dne
trusty
dne
linux-gke-5.0
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-goldfish
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-grouper
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe
disco
dne
cosmic
dne
bionic
Fixed 4.18.0-22.23~18.04.1
released
xenial
Fixed 4.15.0-52.56~16.04.1
released
trusty
dne
linux-hwe-edge
disco
dne
cosmic
dne
bionic
Fixed 5.0.0-17.18~18.04.1
released
xenial
Fixed 4.15.0-52.56~16.04.1
released
trusty
dne
linux-kvm
disco
Fixed 5.0.0-1008.8
released
cosmic
Fixed 4.18.0-1014.14
released
bionic
Fixed 4.15.0-1036.36
released
xenial
Fixed 4.4.0-1048.55
released
trusty
dne
linux-lts-trusty
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-utopic
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-vivid
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-wily
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-xenial
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
Fixed 4.4.0-151.178~14.04.1
released
linux-maguro
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-mako
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-manta
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem
disco
Fixed 4.15.0-1043.48
released
cosmic
Fixed 4.15.0-1043.48
released
bionic
Fixed 4.15.0-1043.48
released
xenial
ignored
trusty
dne
linux-oracle
disco
Fixed 4.15.0-1015.17
released
cosmic
Fixed 4.15.0-1015.17
released
bionic
Fixed 4.15.0-1015.17
released
xenial
Fixed 4.15.0-1015.17~16.04.1
released
trusty
dne
linux-raspi2
disco
Fixed 5.0.0-1010.10
released
cosmic
Fixed 4.18.0-1016.18
released
bionic
Fixed 4.15.0-1038.40
released
xenial
Fixed 4.4.0-1111.120
released
trusty
dne
linux-snapdragon
disco
Fixed 5.0.0-1014.14
released
cosmic
dne
bionic
Fixed 4.15.0-1055.59
released
xenial
Fixed 4.4.0-1115.121
released
trusty
dne
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.openwall.com/lists/oss-security/2019/10/24/1
http://www.openwall.com/lists/oss-security/2019/10/29/3
http://www.vmware.com/security/advisories/VMSA-2019-0010.html
https://access.redhat.com/errata/RHSA-2019:1594
https://access.redhat.com/errata/RHSA-2019:1602
https://access.redhat.com/errata/RHSA-2019:1699
https://access.redhat.com/security/vulnerabilities/tcpsack
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
https://kc.mcafee.com/corporate/index?page=content&id=SB10287
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
https://seclists.org/bugtraq/2019/Jul/30
https://security.netapp.com/advisory/ntap-20190625-0001/
https://support.f5.com/csp/article/K26618426
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
https://www.kb.cert.org/vuls/id/905115
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.synology.com/security/advisory/Synology_SA_19_28
https://www.us-cert.gov/ics/advisories/icsa-19-253-03
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.openwall.com/lists/oss-security/2019/10/24/1
http://www.openwall.com/lists/oss-security/2019/10/29/3
http://www.vmware.com/security/advisories/VMSA-2019-0010.html
https://access.redhat.com/errata/RHSA-2019:1594
https://access.redhat.com/errata/RHSA-2019:1602
https://access.redhat.com/errata/RHSA-2019:1699
https://access.redhat.com/security/vulnerabilities/tcpsack
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
https://kc.mcafee.com/corporate/index?page=content&id=SB10287
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
https://seclists.org/bugtraq/2019/Jul/30
https://security.netapp.com/advisory/ntap-20190625-0001/
https://support.f5.com/csp/article/K26618426
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
https://www.kb.cert.org/vuls/id/905115
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.synology.com/security/advisory/Synology_SA_19_28
https://www.us-cert.gov/ics/advisories/icsa-19-253-03