CVE-2019-11478 HIGH

Published: 2019-06-19 | Last Modified: 2026-06-17 | Status: Modified

Description

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Additional Descriptions (1)

Jonathan Looney descubrió que la implementación de la cola de retransmisión de TCP en tcp_fragment en el kernel de Linux podría estar fragmentada cuando se manejan ciertas secuencias de Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podría usar esto para causar una denegación de servicio. Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en el commit f070ef2ac66716357066b683fb0baf55f8191a2e.

CVSS Metrics

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-770
[email protected]	Primary	en CWE-400

Affected Products

Vendor	Product	Version	Update	Type
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b091bac0>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b0918f00>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9cc120a80>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9cc89b240>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b091a9c0>	Operating System
f5	big-ip_advanced_firewall_manager	*	<built-in method update of dict object at 0x72a9b0919b80>	Application
f5	big-ip_advanced_firewall_manager	*	<built-in method update of dict object at 0x72a9b091b000>	Application
f5	big-ip_advanced_firewall_manager	*	<built-in method update of dict object at 0x72a9a3092140>	Application
f5	big-ip_advanced_firewall_manager	*	<built-in method update of dict object at 0x72a9b091bf80>	Application
f5	big-ip_advanced_firewall_manager	15.0.0	<built-in method update of dict object at 0x72a9b091a200>	Application
f5	big-ip_access_policy_manager	*	<built-in method update of dict object at 0x72a9cc89b280>	Application
f5	big-ip_access_policy_manager	*	<built-in method update of dict object at 0x72a9b091a380>	Application
f5	big-ip_access_policy_manager	*	<built-in method update of dict object at 0x72a9b0c45b40>	Application
f5	big-ip_access_policy_manager	*	<built-in method update of dict object at 0x72a9b0918280>	Application
f5	big-ip_access_policy_manager	15.0.0	<built-in method update of dict object at 0x72a9b091be40>	Application
f5	big-ip_application_acceleration_manager	*	<built-in method update of dict object at 0x72a9b09188c0>	Application
f5	big-ip_application_acceleration_manager	*	<built-in method update of dict object at 0x72a9b091ba00>	Application
f5	big-ip_application_acceleration_manager	*	<built-in method update of dict object at 0x72a9b091bb80>	Application
f5	big-ip_application_acceleration_manager	*	<built-in method update of dict object at 0x72a9b091ba80>	Application
f5	big-ip_application_acceleration_manager	15.0.0	<built-in method update of dict object at 0x72a9b0c47780>	Application
f5	big-ip_link_controller	*	<built-in method update of dict object at 0x72a9a3091340>	Application
f5	big-ip_link_controller	*	<built-in method update of dict object at 0x72a9b091ae80>	Application
f5	big-ip_link_controller	*	<built-in method update of dict object at 0x72a9a3093b40>	Application
f5	big-ip_link_controller	*	<built-in method update of dict object at 0x72a9cc424580>	Application
f5	big-ip_link_controller	15.0.0	<built-in method update of dict object at 0x72a9b0918c40>	Application
f5	big-ip_policy_enforcement_manager	*	<built-in method update of dict object at 0x72a9b0c46900>	Application
f5	big-ip_policy_enforcement_manager	*	<built-in method update of dict object at 0x72a9cc425a80>	Application
f5	big-ip_policy_enforcement_manager	*	<built-in method update of dict object at 0x72a9b0918940>	Application
f5	big-ip_policy_enforcement_manager	*	<built-in method update of dict object at 0x72a9b091a8c0>	Application
f5	big-ip_policy_enforcement_manager	15.0.0	<built-in method update of dict object at 0x72a9cc120ac0>	Application
f5	big-ip_webaccelerator	*	<built-in method update of dict object at 0x72a9b0c45800>	Application
f5	big-ip_webaccelerator	*	<built-in method update of dict object at 0x72a9b0918380>	Application
f5	big-ip_webaccelerator	*	<built-in method update of dict object at 0x72a9e410e9c0>	Application
f5	big-ip_webaccelerator	*	<built-in method update of dict object at 0x72a9cc122700>	Application
f5	big-ip_webaccelerator	15.0.0	<built-in method update of dict object at 0x72a9cc121040>	Application
f5	big-ip_application_security_manager	*	<built-in method update of dict object at 0x72a9cc121480>	Application
f5	big-ip_application_security_manager	*	<built-in method update of dict object at 0x72a9cc120640>	Application
f5	big-ip_application_security_manager	*	<built-in method update of dict object at 0x72a9cc120c80>	Application
f5	big-ip_application_security_manager	*	<built-in method update of dict object at 0x72a9cc122300>	Application
f5	big-ip_application_security_manager	15.0.0	<built-in method update of dict object at 0x72a9cc121140>	Application
f5	big-ip_local_traffic_manager	*	<built-in method update of dict object at 0x72a9cc120440>	Application
f5	big-ip_local_traffic_manager	*	<built-in method update of dict object at 0x72a9cd0be7c0>	Application
f5	big-ip_local_traffic_manager	*	<built-in method update of dict object at 0x72a9cd0bd880>	Application
f5	big-ip_local_traffic_manager	*	<built-in method update of dict object at 0x72a9cd0bff80>	Application
f5	big-ip_local_traffic_manager	15.0.0	<built-in method update of dict object at 0x72a9cd0bfbc0>	Application
f5	big-ip_fraud_protection_service	*	<built-in method update of dict object at 0x72a99a642e40>	Application
f5	big-ip_fraud_protection_service	*	<built-in method update of dict object at 0x72a99a641480>	Application
f5	big-ip_fraud_protection_service	*	<built-in method update of dict object at 0x72a9b091b240>	Application
f5	big-ip_fraud_protection_service	*	<built-in method update of dict object at 0x72a9b091bd80>	Application
f5	big-ip_fraud_protection_service	15.0.0	<built-in method update of dict object at 0x72a9b091b940>	Application
f5	big-ip_global_traffic_manager	*	<built-in method update of dict object at 0x72a9b091b300>	Application
f5	big-ip_global_traffic_manager	*	<built-in method update of dict object at 0x72a9b0919800>	Application
f5	big-ip_global_traffic_manager	*	<built-in method update of dict object at 0x72a9b091b500>	Application
f5	big-ip_global_traffic_manager	*	<built-in method update of dict object at 0x72a9b0918d40>	Application
f5	big-ip_global_traffic_manager	15.0.0	<built-in method update of dict object at 0x72a9b0918fc0>	Application
f5	big-ip_analytics	*	<built-in method update of dict object at 0x72a9a30910c0>	Application
f5	big-ip_analytics	*	<built-in method update of dict object at 0x72a9cd0bcf00>	Application
f5	big-ip_analytics	*	<built-in method update of dict object at 0x72a9cd0beb40>	Application
f5	big-ip_analytics	*	<built-in method update of dict object at 0x72a9cd0bf340>	Application
f5	big-ip_analytics	15.0.0	<built-in method update of dict object at 0x72a9a3091280>	Application
f5	big-ip_edge_gateway	*	<built-in method update of dict object at 0x72a9cd0bfec0>	Application
f5	big-ip_edge_gateway	*	<built-in method update of dict object at 0x72a9cd0bf740>	Application
f5	big-ip_edge_gateway	*	<built-in method update of dict object at 0x72a9cd0bc0c0>	Application
f5	big-ip_edge_gateway	*	<built-in method update of dict object at 0x72a9cd0bc5c0>	Application
f5	big-ip_edge_gateway	15.0.0	<built-in method update of dict object at 0x72a9cd0be800>	Application
f5	big-ip_domain_name_system	*	<built-in method update of dict object at 0x72a9cd0bcc00>	Application
f5	big-ip_domain_name_system	*	<built-in method update of dict object at 0x72a9cd0bd380>	Application
f5	big-ip_domain_name_system	*	<built-in method update of dict object at 0x72a9cd0bdc40>	Application
f5	big-ip_domain_name_system	*	<built-in method update of dict object at 0x72a9cd0bec80>	Application
f5	big-ip_domain_name_system	15.0.0	<built-in method update of dict object at 0x72a9cd0beb80>	Application
canonical	ubuntu_linux	12.04	<built-in method update of dict object at 0x72a9cd0bce80>	Operating System
canonical	ubuntu_linux	14.04	<built-in method update of dict object at 0x72a9cd0bfa40>	Operating System
canonical	ubuntu_linux	16.04	<built-in method update of dict object at 0x72a9cd0bf380>	Operating System
canonical	ubuntu_linux	18.04	<built-in method update of dict object at 0x72a9cd0bd6c0>	Operating System
canonical	ubuntu_linux	18.10	<built-in method update of dict object at 0x72a9cd0bd280>	Operating System
canonical	ubuntu_linux	19.04	<built-in method update of dict object at 0x72a9b0dc6800>	Operating System
redhat	enterprise_linux_atomic_host	-	<built-in method update of dict object at 0x72a9b0dc5240>	Application
redhat	enterprise_linux	5.0	<built-in method update of dict object at 0x72a9b0dc6f00>	Operating System
redhat	enterprise_linux	6.0	<built-in method update of dict object at 0x72a9b0dc4980>	Operating System
redhat	enterprise_linux	7.0	<built-in method update of dict object at 0x72a9b0dc4a80>	Operating System
redhat	enterprise_linux	8.0	<built-in method update of dict object at 0x72a9b0dc4500>	Operating System
redhat	enterprise_linux_aus	6.5	<built-in method update of dict object at 0x72a9b0dc7340>	Operating System
redhat	enterprise_linux_aus	6.6	<built-in method update of dict object at 0x72a9b0dc7ac0>	Operating System
redhat	enterprise_linux_eus	7.4	<built-in method update of dict object at 0x72a9b0dc76c0>	Operating System
redhat	enterprise_linux_eus	7.5	<built-in method update of dict object at 0x72a9b0dc6e40>	Operating System
redhat	enterprise_mrg	2.0	<built-in method update of dict object at 0x72a9b0dc6540>	Operating System
ivanti	connect_secure	-	<built-in method update of dict object at 0x72a9b0dc4e80>	Application
pulsesecure	pulse_policy_secure	-	<built-in method update of dict object at 0x72a9b0dc7300>	Application
pulsesecure	pulse_secure_virtual_application_delivery_controller	-	<built-in method update of dict object at 0x72a9b0dc6000>	Application
f5	traffix_signaling_delivery_controller	*	<built-in method update of dict object at 0x72a9b0dc5880>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_access_policy_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_access_policy_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_access_policy_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_access_policy_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_link_controller::::::::`
Yes	`cpe:2.3:a:f5:big-ip_link_controller::::::::`
Yes	`cpe:2.3:a:f5:big-ip_link_controller::::::::`
Yes	`cpe:2.3:a:f5:big-ip_link_controller::::::::`
Yes	`cpe:2.3:a:f5:big-ip_link_controller:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_webaccelerator::::::::`
Yes	`cpe:2.3:a:f5:big-ip_webaccelerator::::::::`
Yes	`cpe:2.3:a:f5:big-ip_webaccelerator::::::::`
Yes	`cpe:2.3:a:f5:big-ip_webaccelerator::::::::`
Yes	`cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_application_security_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_application_security_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_application_security_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_application_security_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::`
Yes	`cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::`
Yes	`cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::`
Yes	`cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::`
Yes	`cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::`
Yes	`cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_analytics::::::::`
Yes	`cpe:2.3:a:f5:big-ip_analytics::::::::`
Yes	`cpe:2.3:a:f5:big-ip_analytics::::::::`
Yes	`cpe:2.3:a:f5:big-ip_analytics::::::::`
Yes	`cpe:2.3:a:f5:big-ip_analytics:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_edge_gateway::::::::`
Yes	`cpe:2.3:a:f5:big-ip_edge_gateway::::::::`
Yes	`cpe:2.3:a:f5:big-ip_edge_gateway::::::::`
Yes	`cpe:2.3:a:f5:big-ip_edge_gateway::::::::`
Yes	`cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:big-ip_domain_name_system::::::::`
Yes	`cpe:2.3:a:f5:big-ip_domain_name_system::::::::`
Yes	`cpe:2.3:a:f5:big-ip_domain_name_system::::::::`
Yes	`cpe:2.3:a:f5:big-ip_domain_name_system::::::::`
Yes	`cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_aus:6.5:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_aus:6.6:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*`
Yes	`cpe:2.3:o:redhat:enterprise_mrg:2.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:ivanti:connect_secure:-:::::::*`
Yes	`cpe:2.3:a:pulsesecure:pulse_policy_secure:-:::::::*`
Yes	`cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:f5:traffix_signaling_delivery_controller::::::::`

References

http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
Source: [email protected]

Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
Source: [email protected]
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
Source: [email protected]
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
Source: [email protected]
http://www.openwall.com/lists/oss-security/2019/06/28/2
Source: [email protected]
http://www.openwall.com/lists/oss-security/2019/07/06/3
Source: [email protected]
http://www.openwall.com/lists/oss-security/2019/07/06/4
Source: [email protected]
http://www.openwall.com/lists/oss-security/2019/10/24/1
Source: [email protected]
http://www.openwall.com/lists/oss-security/2019/10/29/3
Source: [email protected]
http://www.vmware.com/security/advisories/VMSA-2019-0010.html
Source: [email protected]
https://access.redhat.com/errata/RHSA-2019:1594
Source: [email protected]
https://access.redhat.com/errata/RHSA-2019:1602
Source: [email protected]
https://access.redhat.com/errata/RHSA-2019:1699
Source: [email protected]
https://access.redhat.com/security/vulnerabilities/tcpsack
Source: [email protected]

Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Source: [email protected]
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
Source: [email protected]

Mailing List Patch Vendor Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
Source: [email protected]

Patch Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
Source: [email protected]

Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10287
Source: [email protected]
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
Source: [email protected]
https://seclists.org/bugtraq/2019/Jul/30
Source: [email protected]
https://security.netapp.com/advisory/ntap-20190625-0001/
Source: [email protected]
https://support.f5.com/csp/article/K26618426
Source: [email protected]

Third Party Advisory
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
Source: [email protected]

Mitigation Third Party Advisory
https://www.kb.cert.org/vuls/id/905115
Source: [email protected]
https://www.oracle.com/security-alerts/cpujan2020.html
Source: [email protected]
https://www.oracle.com/security-alerts/cpuoct2020.html
Source: [email protected]
https://www.synology.com/security/advisory/Synology_SA_19_28
Source: [email protected]
https://www.us-cert.gov/ics/advisories/icsa-19-253-03
Source: [email protected]
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2019/06/28/2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2019/07/06/3
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2019/07/06/4
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2019/10/24/1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2019/10/29/3
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vmware.com/security/advisories/VMSA-2019-0010.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/errata/RHSA-2019:1594
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/errata/RHSA-2019:1602
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/errata/RHSA-2019:1699
Source: af854a3a-2127-422b-91ae-364da2661108
https://access.redhat.com/security/vulnerabilities/tcpsack
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Patch Vendor Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10287
Source: af854a3a-2127-422b-91ae-364da2661108
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
Source: af854a3a-2127-422b-91ae-364da2661108
https://seclists.org/bugtraq/2019/Jul/30
Source: af854a3a-2127-422b-91ae-364da2661108
https://security.netapp.com/advisory/ntap-20190625-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
https://support.f5.com/csp/article/K26618426
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation Third Party Advisory
https://www.kb.cert.org/vuls/id/905115
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.oracle.com/security-alerts/cpujan2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.oracle.com/security-alerts/cpuoct2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.synology.com/security/advisory/Synology_SA_19_28
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.us-cert.gov/ics/advisories/icsa-19-253-03
Source: af854a3a-2127-422b-91ae-364da2661108