CVE-2019-11477

HIGH

Linux Kernel 2.6.29-3.16.69 - Denial of Service via TCP SACK Integer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-11477. PoCs published by sasqwatch.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2019-11477, a vulnerability in the Linux kernel's TCP implementation (SACK Panic). The exploit includes client/server applications, a kernel module for packet interception, and crafted TCP packets to trigger the vulnerability.

Description

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Exploits (1)

nomisec WORKING POC 8 stars

by sasqwatch · poc

https://github.com/sasqwatch/cve-2019-11477-poc

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2019-11477, a vulnerability in the Linux kernel's TCP implementation (SACK Panic). The exploit includes client/server applications, a kernel module for packet interception, and crafted TCP packets to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (versions affected by CVE-2019-11477)

No auth needed

Prerequisites: Two VMs (one for server, one for client) · Kernel module insertion privileges on the client · Custom TCP packet crafting setup

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (29)

Core 29

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

https://www.kb.cert.org/vuls/id/905115

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/06/20/3

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:1594

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:1602

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/06/28/2

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/07/06/3

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/07/06/4

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:1699

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/10/24/1

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/10/29/3

Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujan2020.html

Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuoct2020.html

Mailing List, Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff

Patch, Third Party Advisory x_refsource_misc

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

View Patch ZIP pw:eip

Mitigation, Third Party Advisory x_refsource_misc

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic

Third Party Advisory x_refsource_misc

https://access.redhat.com/security/vulnerabilities/tcpsack