IronMonkey Threat Research

CVE-2019-11477 HIGH

Published: 2019-06-19 | Last Modified: 2026-06-17 | Status: Modified

Description

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Additional Descriptions (1)

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgment (SACK). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 7.8 (HIGH)

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.9

Weaknesses

Source Type Description
[email protected] Secondary CWE-190 (en)
[email protected] Primary CWE-190 (en)

Affected Products

Vendor Product Version Type
linux linux_kernel * Operating System
linux linux_kernel * Operating System
linux linux_kernel * Operating System
linux linux_kernel * Operating System
linux linux_kernel * Operating System
linux linux_kernel * Operating System
f5 big-ip_advanced_firewall_manager * Application
f5 big-ip_advanced_firewall_manager * Application
f5 big-ip_advanced_firewall_manager * Application
f5 big-ip_advanced_firewall_manager * Application
f5 big-ip_advanced_firewall_manager 15.0.0 Application
f5 big-ip_access_policy_manager * Application
f5 big-ip_access_policy_manager * Application
f5 big-ip_access_policy_manager * Application
f5 big-ip_access_policy_manager * Application
f5 big-ip_access_policy_manager 15.0.0 Application
f5 big-ip_application_acceleration_manager * Application
f5 big-ip_application_acceleration_manager * Application
f5 big-ip_application_acceleration_manager * Application
f5 big-ip_application_acceleration_manager * Application
f5 big-ip_application_acceleration_manager 15.0.0 Application
f5 big-ip_link_controller * Application
f5 big-ip_link_controller * Application
f5 big-ip_link_controller * Application
f5 big-ip_link_controller * Application
f5 big-ip_link_controller 15.0.0 Application
f5 big-ip_policy_enforcement_manager * Application
f5 big-ip_policy_enforcement_manager * Application
f5 big-ip_policy_enforcement_manager * Application
f5 big-ip_policy_enforcement_manager * Application
f5 big-ip_policy_enforcement_manager 15.0.0 Application
f5 big-ip_webaccelerator * Application
f5 big-ip_webaccelerator * Application
f5 big-ip_webaccelerator * Application
f5 big-ip_webaccelerator * Application
f5 big-ip_webaccelerator 15.0.0 Application
f5 big-ip_application_security_manager * Application
f5 big-ip_application_security_manager * Application
f5 big-ip_application_security_manager * Application
f5 big-ip_application_security_manager * Application
f5 big-ip_application_security_manager 15.0.0 Application
f5 big-ip_local_traffic_manager * Application
f5 big-ip_local_traffic_manager * Application
f5 big-ip_local_traffic_manager * Application
f5 big-ip_local_traffic_manager * Application
f5 big-ip_local_traffic_manager 15.0.0 Application
f5 big-ip_fraud_protection_service * Application
f5 big-ip_fraud_protection_service * Application
f5 big-ip_fraud_protection_service * Application
f5 big-ip_fraud_protection_service * Application
f5 big-ip_fraud_protection_service 15.0.0 Application
f5 big-ip_global_traffic_manager * Application
f5 big-ip_global_traffic_manager * Application
f5 big-ip_global_traffic_manager * Application
f5 big-ip_global_traffic_manager * Application
f5 big-ip_global_traffic_manager 15.0.0 Application
f5 big-ip_analytics * Application
f5 big-ip_analytics * Application
f5 big-ip_analytics * Application
f5 big-ip_analytics * Application
f5 big-ip_analytics 15.0.0 Application
f5 big-ip_edge_gateway * Application
f5 big-ip_edge_gateway * Application
f5 big-ip_edge_gateway * Application
f5 big-ip_edge_gateway * Application
f5 big-ip_edge_gateway 15.0.0 Application
f5 big-ip_domain_name_system * Application
f5 big-ip_domain_name_system * Application
f5 big-ip_domain_name_system * Application
f5 big-ip_domain_name_system * Application
f5 big-ip_domain_name_system 15.0.0 Application
canonical ubuntu_linux 12.04 Operating System
canonical ubuntu_linux 14.04 Operating System
canonical ubuntu_linux 16.04 Operating System
canonical ubuntu_linux 18.04 Operating System
canonical ubuntu_linux 18.10 Operating System
canonical ubuntu_linux 19.04 Operating System
redhat enterprise_linux_atomic_host - Application
redhat enterprise_linux 5.0 Operating System
redhat enterprise_linux 6.0 Operating System
redhat enterprise_linux 7.0 Operating System
redhat enterprise_linux 8.0 Operating System
redhat enterprise_linux_aus 6.5 Operating System
redhat enterprise_linux_aus 6.6 Operating System
redhat enterprise_linux_eus 7.4 Operating System
redhat enterprise_linux_eus 7.5 Operating System
redhat enterprise_mrg 2.0 Operating System
ivanti connect_secure - Application
pulsesecure pulse_policy_secure - Application
pulsesecure pulse_secure_virtual_application_delivery_controller - Application
f5 traffix_signaling_delivery_controller * Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*
