CVE-2019-11477

Current Description

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Basic Data

PublishedJune 19, 2019
Last ModifiedSeptember 15, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-190
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.8
SeverityHIGH
Exploitability Score10.0
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 3 - Attack VectorNETWORK
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredNONE
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactNONE
CVSS 3 - Integrity ImpactNONE
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score7.5
CVSS 3 - Base SeverityHIGH
Exploitability Score3.9
Base SeverityHIGH

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********4.205.1.11
    2.3OSLinuxLinux Kernel********4.154.19.52
    2.3OSLinuxLinux Kernel********4.104.14.127
    2.3OSLinuxLinux Kernel********4.54.9.182
    2.3OSLinuxLinux Kernel********4.4.182
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Advanced Firewall Manager15.0.0*******
    2.3ApplicationF5Big-ip Advanced Firewall Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Advanced Firewall Manager********13.1.013.1.1
    2.3ApplicationF5Big-ip Advanced Firewall Manager********12.1.012.1.4
    2.3ApplicationF5Big-ip Advanced Firewall Manager********11.5.211.6.4
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Access Policy Manager15.0.0*******
    2.3ApplicationF5Big-ip Access Policy Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Access Policy Manager********13.1.013.1.1
    2.3ApplicationF5Big-ip Access Policy Manager********12.1.012.1.4
    2.3ApplicationF5Big-ip Access Policy Manager********11.5.211.6.4
  • OR - Configuration 4
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Application Acceleration Manager15.0.0*******
    2.3ApplicationF5Big-ip Application Acceleration Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Application Acceleration Manager********13.1.013.1.1
    2.3ApplicationF5Big-ip Application Acceleration Manager********12.1.012.1.4
    2.3ApplicationF5Big-ip Application Acceleration Manager********11.5.211.6.4
  • OR - Configuration 5
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Link Controller15.0.0*******
    2.3ApplicationF5Big-ip Link Controller********14.0.014.1.0
    2.3ApplicationF5Big-ip Link Controller********13.1.013.1.1
    2.3ApplicationF5Big-ip Link Controller********12.1.012.1.4
    2.3ApplicationF5Big-ip Link Controller********11.5.211.6.4
  • OR - Configuration 6
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Policy Enforcement Manager15.0.0*******
    2.3ApplicationF5Big-ip Policy Enforcement Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Policy Enforcement Manager********13.1.013.1.1
    2.3ApplicationF5Big-ip Policy Enforcement Manager********12.1.012.1.4
    2.3ApplicationF5Big-ip Policy Enforcement Manager********11.5.211.6.4
  • OR - Configuration 7
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Webaccelerator15.0.0*******
    2.3ApplicationF5Big-ip Webaccelerator********14.0.014.1.0
    2.3ApplicationF5Big-ip Webaccelerator********13.1.013.1.1
    2.3ApplicationF5Big-ip Webaccelerator********12.1.012.1.4
    2.3ApplicationF5Big-ip Webaccelerator********11.5.211.6.4
  • OR - Configuration 8
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Application Security Manager15.0.0*******
    2.3ApplicationF5Big-ip Application Security Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Application Security Manager********13.1.013.1.1
    2.3ApplicationF5Big-ip Application Security Manager********12.1.012.1.4
    2.3ApplicationF5Big-ip Application Security Manager********11.5.211.6.4
  • OR - Configuration 9
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Local Traffic Manager15.0.0*******
    2.3ApplicationF5Big-ip Local Traffic Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Local Traffic Manager********13.1.013.1.1
    2.3ApplicationF5Big-ip Local Traffic Manager********12.1.012.1.4
    2.3ApplicationF5Big-ip Local Traffic Manager********11.5.211.6.4
  • OR - Configuration 10
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Fraud Protection Service15.0.0*******
    2.3ApplicationF5Big-ip Fraud Protection Service********14.0.014.1.0
    2.3ApplicationF5Big-ip Fraud Protection Service********13.1.013.1.1
    2.3ApplicationF5Big-ip Fraud Protection Service********12.1.012.1.4
    2.3ApplicationF5Big-ip Fraud Protection Service********11.5.211.6.4
  • OR - Configuration 11
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Global Traffic Manager15.0.0*******
    2.3ApplicationF5Big-ip Global Traffic Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Global Traffic Manager********13.1.013.1.1
    2.3ApplicationF5Big-ip Global Traffic Manager********12.1.012.1.4
    2.3ApplicationF5Big-ip Global Traffic Manager********11.5.211.6.4
  • OR - Configuration 12
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Analytics15.0.0*******
    2.3ApplicationF5Big-ip Analytics********14.0.014.1.0
    2.3ApplicationF5Big-ip Analytics********13.1.013.1.1
    2.3ApplicationF5Big-ip Analytics********12.1.012.1.4
    2.3ApplicationF5Big-ip Analytics********11.5.211.6.4
  • OR - Configuration 13
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Edge Gateway15.0.0*******
    2.3ApplicationF5Big-ip Edge Gateway********14.0.014.1.0
    2.3ApplicationF5Big-ip Edge Gateway********13.1.013.1.1
    2.3ApplicationF5Big-ip Edge Gateway********12.1.012.1.4
    2.3ApplicationF5Big-ip Edge Gateway********11.5.211.6.4
  • OR - Configuration 14
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Domain Name System15.0.0*******
    2.3ApplicationF5Big-ip Domain Name System********14.0.014.1.0
    2.3ApplicationF5Big-ip Domain Name System********13.1.013.1.1
    2.3ApplicationF5Big-ip Domain Name System********12.1.012.1.4
    2.3ApplicationF5Big-ip Domain Name System********11.5.211.6.4
  • OR - Configuration 15
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCanonicalUbuntu Linux19.04*******
    2.3OSCanonicalUbuntu Linux18.10*******
    2.3OSCanonicalUbuntu Linux18.04***lts***
    2.3OSCanonicalUbuntu Linux16.04***lts***
    2.3OSCanonicalUbuntu Linux14.04***esm***
    2.3OSCanonicalUbuntu Linux12.04***esm***
  • OR - Configuration 16
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSRedhatVirtualization4.0*******
    2.3OSRedhatEnterprise Linux Eus7.5*******
    2.3OSRedhatEnterprise Linux Eus7.4*******
    2.3OSRedhatEnterprise Linux Aus6.6*******
    2.3OSRedhatEnterprise Linux Aus6.5*******
    2.3OSRedhatEnterprise Linux8.0*******
    2.3OSRedhatEnterprise Linux7.0*******
    2.3OSRedhatEnterprise Linux6.0*******
    2.3OSRedhatEnterprise Linux5.0*******
    2.3ApplicationRedhatEnterprise Mrg2.0*******
    2.3ApplicationRedhatEnterprise Linux Atomic Host-*******
  • OR - Configuration 17
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationPulsesecurePulse Secure Virtual Application Delivery Controller-*******
    2.3ApplicationPulsesecurePulse Policy Secure-*******
    2.3ApplicationPulsesecurePulse Connect Secure-*******
  • OR - Configuration 18
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Traffix Sdc********5.0.05.1.0

Vulnerable Software List

VendorProductVersions
Pulsesecure Pulse Connect Secure -
Pulsesecure Pulse Secure Virtual Application Delivery Controller -
Pulsesecure Pulse Policy Secure -
Redhat Enterprise Linux Eus 7.4, 7.5
Redhat Enterprise Linux Atomic Host -
Redhat Enterprise Linux 5.0, 6.0, 7.0, 8.0
Redhat Enterprise Linux Aus 6.5, 6.6
Redhat Enterprise Mrg 2.0
Redhat Virtualization 4.0
Canonical Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, 19.04
Linux Linux Kernel *
F5 Big-ip Application Security Manager *, 15.0.0
F5 Traffix Sdc *
F5 Big-ip Domain Name System *, 15.0.0
F5 Big-ip Fraud Protection Service *, 15.0.0
F5 Big-ip Access Policy Manager *, 15.0.0
F5 Big-ip Analytics *, 15.0.0
F5 Big-ip Edge Gateway *, 15.0.0
F5 Big-ip Global Traffic Manager *, 15.0.0
F5 Big-ip Link Controller *, 15.0.0
F5 Big-ip Advanced Firewall Manager *, 15.0.0
F5 Big-ip Local Traffic Manager *, 15.0.0
F5 Big-ip Application Acceleration Manager *, 15.0.0
F5 Big-ip Policy Enforcement Manager *, 15.0.0
F5 Big-ip Webaccelerator *, 15.0.0

References

NameSourceURLTags
https://security.netapp.com/advisory/ntap-20190625-0001/CONFIRMhttps://security.netapp.com/advisory/ntap-20190625-0001/Mitigation Third Party Advisory Third Party Advisory Patch Mailing List Third Party Advisory Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006CONFIRMhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006Third Party Advisory Third Party Advisory Patch VDB Entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10287CONFIRMhttps://kc.mcafee.com/corporate/index?page=content&id=SB10287Vendor Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193CONFIRMhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.mdMISChttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cffMISChttps://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfCONFIRMhttps://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
RHSA-2019:1699REDHAThttps://access.redhat.com/errata/RHSA-2019:1699
https://access.redhat.com/security/vulnerabilities/tcpsackMISChttps://access.redhat.com/security/vulnerabilities/tcpsack
RHSA-2019:1602REDHAThttps://access.redhat.com/errata/RHSA-2019:1602
RHSA-2019:1594REDHAThttps://access.redhat.com/errata/RHSA-2019:1594
http://www.vmware.com/security/advisories/VMSA-2019-0010.htmlCONFIRMhttp://www.vmware.com/security/advisories/VMSA-2019-0010.html
[oss-security] 20191029 Re: Membership application for linux-distros - VMwareMLISThttp://www.openwall.com/lists/oss-security/2019/10/29/3
[oss-security] 20191023 Membership application for linux-distros - VMwareMLISThttp://www.openwall.com/lists/oss-security/2019/10/24/1
[oss-security] 20190706 Re: linux-distros membership application - MicrosoftMLISThttp://www.openwall.com/lists/oss-security/2019/07/06/4
[oss-security] 20190706 Re: linux-distros membership application - MicrosoftMLISThttp://www.openwall.com/lists/oss-security/2019/07/06/3
[oss-security] 20190628 Re: linux-distros membership application - MicrosoftMLISThttp://www.openwall.com/lists/oss-security/2019/06/28/2
[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issuesMLISThttp://www.openwall.com/lists/oss-security/2019/06/20/3
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-enCONFIRMhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txtCONFIRMhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.htmlMISChttp://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.htmlMISChttp://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
https://support.f5.com/csp/article/K78234183CONFIRMhttps://support.f5.com/csp/article/K78234183
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanicMISChttps://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
VU#905115CERT-VNhttps://www.kb.cert.org/vuls/id/905115
https://www.oracle.com/security-alerts/cpujan2020.htmlMISChttps://www.oracle.com/security-alerts/cpujan2020.html
https://www.synology.com/security/advisory/Synology_SA_19_28CONFIRMhttps://www.synology.com/security/advisory/Synology_SA_19_28
https://www.us-cert.gov/ics/advisories/icsa-19-253-03MISChttps://www.us-cert.gov/ics/advisories/icsa-19-253-03