CVE-2019-11479

19.06.2019, 00:15

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Amplification

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
canonical	CNA	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Vendor	Product	Version
linux	linux_kernel	4.4 ≤ 𝑥 < 4.4.182
linux	linux_kernel	4.9 ≤ 𝑥 < 4.9.182
linux	linux_kernel	4.14 ≤ 𝑥 < 4.14.127
linux	linux_kernel	4.19 ≤ 𝑥 < 4.19.52
linux	linux_kernel	5.1 ≤ 𝑥 < 5.1.11
f5	big-ip_advanced_firewall_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_advanced_firewall_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_advanced_firewall_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_advanced_firewall_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_advanced_firewall_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_advanced_firewall_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_access_policy_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_access_policy_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_access_policy_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_access_policy_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_access_policy_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_access_policy_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_application_acceleration_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_application_acceleration_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_application_acceleration_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_application_acceleration_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_application_acceleration_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_application_acceleration_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_link_controller	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_link_controller	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_link_controller	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_link_controller	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_link_controller	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_link_controller	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_policy_enforcement_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_policy_enforcement_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_policy_enforcement_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_policy_enforcement_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_policy_enforcement_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_policy_enforcement_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_webaccelerator	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_webaccelerator	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_webaccelerator	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_webaccelerator	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_webaccelerator	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_webaccelerator	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_application_security_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_application_security_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_application_security_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_application_security_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_application_security_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_application_security_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_local_traffic_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_local_traffic_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_local_traffic_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_local_traffic_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_local_traffic_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_local_traffic_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_fraud_protection_service	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_fraud_protection_service	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_fraud_protection_service	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_fraud_protection_service	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_fraud_protection_service	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_fraud_protection_service	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_global_traffic_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_global_traffic_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_global_traffic_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_global_traffic_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_global_traffic_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_global_traffic_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_analytics	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_analytics	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_analytics	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_analytics	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_analytics	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_analytics	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_edge_gateway	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_edge_gateway	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_edge_gateway	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_edge_gateway	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_edge_gateway	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_edge_gateway	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_domain_name_system	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_domain_name_system	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_domain_name_system	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_domain_name_system	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_domain_name_system	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_domain_name_system	15.0.0 ≤ 𝑥 < 15.0.1.1
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
canonical	ubuntu_linux	19.04
redhat	enterprise_linux	7.0
f5	big-iq_centralized_management	5.1.0 ≤ 𝑥 ≤ 5.4.0
f5	big-iq_centralized_management	6.0.0 ≤ 𝑥 ≤ 6.1.0
f5	enterprise_manager	3.1.1
f5	iworkflow	2.3.0
f5	traffix_signaling_delivery_controller	5.0.0 ≤ 𝑥 ≤ 5.1.0
redhat	virtualization_host	4.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
trixie	6.11.5-1 fixed
sid	6.11.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

disco	Fixed 5.0.0-20.21 released
cosmic	Fixed 4.18.0-25.26 released
bionic	Fixed 4.15.0-54.58 released
xenial	Fixed 4.4.0-154.181 released
trusty	ignored

linux-aws

disco	Fixed 5.0.0-1010.11 released
cosmic	Fixed 4.18.0-1020.24 released
bionic	Fixed 4.15.0-1043.45 released
xenial	Fixed 4.4.0-1087.98 released
trusty	Fixed 4.4.0-1048.52 released

linux-aws-hwe

disco	dne
cosmic	dne
bionic	dne
xenial	Fixed 4.15.0-1043.45~16.04.1 released
trusty	dne

linux-azure

disco	Fixed 5.0.0-1010.10 released
cosmic	Fixed 4.18.0-1023.24 released
bionic	Fixed 4.18.0-1023.24~18.04.1 released
xenial	Fixed 4.15.0-1049.54 released
trusty	Fixed 4.15.0-1049.54~14.04.1 released

linux-azure-edge

disco	dne
cosmic	dne
bionic	Fixed 4.18.0-1023.24~18.04.1 released
xenial	Fixed 4.15.0-1049.54 released
trusty	dne

linux-euclid

disco	dne
cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-flo

disco	dne
cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-gcp

disco	Fixed 5.0.0-1010.10 released
cosmic	Fixed 4.18.0-1015.16 released
bionic	Fixed 4.15.0-1036.38 released
xenial	Fixed 4.15.0-1036.38~16.04.1 released
trusty	dne

linux-gcp-edge

disco	dne
cosmic	dne
bionic	Fixed 4.18.0-1015.16~18.04.1 released
xenial	dne
trusty	dne

linux-gke

disco	dne
cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-gke-4.15

disco	dne
bionic	Fixed 4.15.0-1036.38 released
xenial	dne
trusty	dne

linux-gke-5.0

disco	dne
bionic	not-affected
xenial	dne
trusty	dne

linux-goldfish

disco	dne
cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-grouper

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe

disco	dne
cosmic	dne
bionic	Fixed 4.18.0-25.26~18.04.1 released
xenial	Fixed 4.15.0-54.58~16.04.1 released
trusty	dne

linux-hwe-edge

disco	dne
cosmic	dne
bionic	Fixed 5.0.0-20.21~18.04.1 released
xenial	Fixed 4.15.0-54.58~16.04.1 released
trusty	dne

linux-kvm

disco	Fixed 5.0.0-1010.11 released
cosmic	Fixed 4.18.0-1016.17 released
bionic	Fixed 4.15.0-1038.38 released
xenial	Fixed 4.4.0-1051.58 released
trusty	dne

linux-lts-trusty

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-utopic

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-vivid

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-wily

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-xenial

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	Fixed 4.4.0-154.181~14.04.1 released

linux-maguro

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-mako

disco	dne
cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-manta

disco	dne
cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

disco	Fixed 4.15.0-1045.50 released
cosmic	ignored
bionic	Fixed 4.15.0-1045.50 released
xenial	ignored
trusty	dne

linux-oracle

disco	Fixed 4.15.0-1017.19 released
cosmic	ignored
bionic	Fixed 4.15.0-1017.19 released
xenial	Fixed 4.15.0-1017.19~16.04.2 released
trusty	dne

linux-raspi2

disco	Fixed 5.0.0-1012.12 released
cosmic	Fixed 4.18.0-1018.21 released
bionic	Fixed 4.15.0-1040.43 released
xenial	Fixed 4.4.0-1114.123 released
trusty	dne

linux-snapdragon

disco	Fixed 5.0.0-1016.17 released
cosmic	dne
bionic	Fixed 4.15.0-1057.62 released
xenial	Fixed 4.4.0-1118.124 released
trusty	dne

Common Weakness Enumeration

References

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt

http://www.openwall.com/lists/oss-security/2019/06/28/2

http://www.openwall.com/lists/oss-security/2019/07/06/3

http://www.openwall.com/lists/oss-security/2019/07/06/4

http://www.securityfocus.com/bid/108818

https://access.redhat.com/errata/RHSA-2019:1594

https://access.redhat.com/errata/RHSA-2019:1602

https://access.redhat.com/errata/RHSA-2019:1699

https://access.redhat.com/security/vulnerabilities/tcpsack

https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193

https://kc.mcafee.com/corporate/index?page=content&id=SB10287

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008

https://security.netapp.com/advisory/ntap-20190625-0001/

https://support.f5.com/csp/article/K35421172

https://support.f5.com/csp/article/K35421172?utm_source=f5support&amp%3Butm_medium=RSS

https://usn.ubuntu.com/4041-1/

https://usn.ubuntu.com/4041-2/

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic

https://www.kb.cert.org/vuls/id/905115

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.synology.com/security/advisory/Synology_SA_19_28

https://www.us-cert.gov/ics/advisories/icsa-19-253-03

https://www.us-cert.gov/ics/advisories/icsma-20-170-06