CVE-2019-11479

EUVD-2019-3152

19.06.2019, 00:15

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Amplification

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
canonical	CNA	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	4.4 ≤ 𝑥 < 4.4.182
linux	linux_kernel	4.9 ≤ 𝑥 < 4.9.182
linux	linux_kernel	4.14 ≤ 𝑥 < 4.14.127
linux	linux_kernel	4.19 ≤ 𝑥 < 4.19.52
linux	linux_kernel	5.1 ≤ 𝑥 < 5.1.11
f5	big-ip_advanced_firewall_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_advanced_firewall_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_advanced_firewall_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_advanced_firewall_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_advanced_firewall_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_advanced_firewall_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_access_policy_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_access_policy_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_access_policy_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_access_policy_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_access_policy_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_access_policy_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_application_acceleration_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_application_acceleration_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_application_acceleration_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_application_acceleration_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_application_acceleration_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_application_acceleration_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_link_controller	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_link_controller	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_link_controller	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_link_controller	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_link_controller	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_link_controller	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_policy_enforcement_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_policy_enforcement_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_policy_enforcement_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_policy_enforcement_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_policy_enforcement_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_policy_enforcement_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_webaccelerator	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_webaccelerator	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_webaccelerator	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_webaccelerator	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_webaccelerator	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_webaccelerator	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_application_security_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_application_security_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_application_security_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_application_security_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_application_security_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_application_security_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_local_traffic_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_local_traffic_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_local_traffic_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_local_traffic_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_local_traffic_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_local_traffic_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_fraud_protection_service	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_fraud_protection_service	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_fraud_protection_service	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_fraud_protection_service	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_fraud_protection_service	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_fraud_protection_service	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_global_traffic_manager	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_global_traffic_manager	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_global_traffic_manager	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_global_traffic_manager	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_global_traffic_manager	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_global_traffic_manager	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_analytics	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_analytics	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_analytics	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_analytics	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_analytics	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_analytics	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_edge_gateway	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_edge_gateway	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_edge_gateway	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_edge_gateway	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_edge_gateway	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_edge_gateway	15.0.0 ≤ 𝑥 < 15.0.1.1
f5	big-ip_domain_name_system	11.5.2 ≤ 𝑥 < 11.6.5.1
f5	big-ip_domain_name_system	12.1.0 ≤ 𝑥 < 12.1.5.1
f5	big-ip_domain_name_system	13.1.0 ≤ 𝑥 < 13.1.3.2
f5	big-ip_domain_name_system	14.0.0 ≤ 𝑥 < 14.0.1.1
f5	big-ip_domain_name_system	14.1.2 ≤ 𝑥 < 14.1.2.1
f5	big-ip_domain_name_system	15.0.0 ≤ 𝑥 < 15.0.1.1
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
canonical	ubuntu_linux	19.04
redhat	enterprise_linux	7.0
f5	big-iq_centralized_management	5.1.0 ≤ 𝑥 ≤ 5.4.0
f5	big-iq_centralized_management	6.0.0 ≤ 𝑥 ≤ 6.1.0
f5	enterprise_manager	3.1.1
f5	iworkflow	2.3.0
f5	traffix_signaling_delivery_controller	5.0.0 ≤ 𝑥 ≤ 5.1.0
redhat	virtualization_host	4.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
sid	6.11.6-1 fixed
trixie	6.11.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	Fixed 4.15.0-54.58 released
cosmic	Fixed 4.18.0-25.26 released
disco	Fixed 5.0.0-20.21 released
trusty	ignored
xenial	Fixed 4.4.0-154.181 released

linux-aws

bionic	Fixed 4.15.0-1043.45 released
cosmic	Fixed 4.18.0-1020.24 released
disco	Fixed 5.0.0-1010.11 released
trusty	Fixed 4.4.0-1048.52 released
xenial	Fixed 4.4.0-1087.98 released

linux-aws-hwe

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	Fixed 4.15.0-1043.45~16.04.1 released

linux-azure

bionic	Fixed 4.18.0-1023.24~18.04.1 released
cosmic	Fixed 4.18.0-1023.24 released
disco	Fixed 5.0.0-1010.10 released
trusty	Fixed 4.15.0-1049.54~14.04.1 released
xenial	Fixed 4.15.0-1049.54 released

linux-azure-edge

bionic	Fixed 4.18.0-1023.24~18.04.1 released
cosmic	dne
disco	dne
trusty	dne
xenial	Fixed 4.15.0-1049.54 released

linux-euclid

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	ignored

linux-flo

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	ignored

linux-gcp

bionic	Fixed 4.15.0-1036.38 released
cosmic	Fixed 4.18.0-1015.16 released
disco	Fixed 5.0.0-1010.10 released
trusty	dne
xenial	Fixed 4.15.0-1036.38~16.04.1 released

linux-gcp-edge

bionic	Fixed 4.18.0-1015.16~18.04.1 released
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-gke

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	ignored

linux-gke-4.15

bionic	Fixed 4.15.0-1036.38 released
disco	dne
trusty	dne
xenial	dne

linux-gke-5.0

bionic	not-affected
disco	dne
trusty	dne
xenial	dne

linux-goldfish

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	ignored

linux-grouper

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-hwe

bionic	Fixed 4.18.0-25.26~18.04.1 released
cosmic	dne
disco	dne
trusty	dne
xenial	Fixed 4.15.0-54.58~16.04.1 released

linux-hwe-edge

bionic	Fixed 5.0.0-20.21~18.04.1 released
cosmic	dne
disco	dne
trusty	dne
xenial	Fixed 4.15.0-54.58~16.04.1 released

linux-kvm

bionic	Fixed 4.15.0-1038.38 released
cosmic	Fixed 4.18.0-1016.17 released
disco	Fixed 5.0.0-1010.11 released
trusty	dne
xenial	Fixed 4.4.0-1051.58 released

linux-lts-trusty

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-lts-utopic

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-lts-vivid

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-lts-wily

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-lts-xenial

bionic	dne
cosmic	dne
disco	dne
trusty	Fixed 4.4.0-154.181~14.04.1 released
xenial	dne

linux-maguro

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-mako

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	ignored

linux-manta

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-oem

bionic	Fixed 4.15.0-1045.50 released
cosmic	ignored
disco	Fixed 4.15.0-1045.50 released
trusty	dne
xenial	ignored

linux-oracle

bionic	Fixed 4.15.0-1017.19 released
cosmic	ignored
disco	Fixed 4.15.0-1017.19 released
trusty	dne
xenial	Fixed 4.15.0-1017.19~16.04.2 released

linux-raspi2

bionic	Fixed 4.15.0-1040.43 released
cosmic	Fixed 4.18.0-1018.21 released
disco	Fixed 5.0.0-1012.12 released
trusty	dne
xenial	Fixed 4.4.0-1114.123 released

linux-snapdragon

bionic	Fixed 4.15.0-1057.62 released
cosmic	dne
disco	Fixed 5.0.0-1016.17 released
trusty	dne
xenial	Fixed 4.4.0-1118.124 released

Common Weakness Enumeration

References

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt

http://www.openwall.com/lists/oss-security/2019/06/28/2

http://www.openwall.com/lists/oss-security/2019/07/06/3

http://www.openwall.com/lists/oss-security/2019/07/06/4

http://www.securityfocus.com/bid/108818

https://access.redhat.com/errata/RHSA-2019:1594

https://access.redhat.com/errata/RHSA-2019:1602

https://access.redhat.com/errata/RHSA-2019:1699

https://access.redhat.com/security/vulnerabilities/tcpsack

https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193

https://kc.mcafee.com/corporate/index?page=content&id=SB10287

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008

https://security.netapp.com/advisory/ntap-20190625-0001/

https://support.f5.com/csp/article/K35421172

https://support.f5.com/csp/article/K35421172?utm_source=f5support&amp%3Butm_medium=RSS

https://usn.ubuntu.com/4041-1/

https://usn.ubuntu.com/4041-2/

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic

https://www.kb.cert.org/vuls/id/905115

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.synology.com/security/advisory/Synology_SA_19_28

https://www.us-cert.gov/ics/advisories/icsa-19-253-03

https://www.us-cert.gov/ics/advisories/icsma-20-170-06