CVE-2019-11478
MEDIUM
Linux kernel <4.4.182, <4.9.182, <4.14.127, <4.19.52, <5.1.11 - DoS
Title source: llm
Description
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
References (29)
Core References
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jul/30
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/905115
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1594
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1602
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/06/28/2
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/07/06/3
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/07/06/4
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1699
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/10/24/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/10/29/3
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2020.html
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch, Third Party Advisory x_refsource_misc
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
Mitigation, Third Party Advisory x_refsource_misc
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/vulnerabilities/tcpsack
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html
Third Party Advisory x_refsource_confirm
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
Vendor Advisory x_refsource_confirm
https://www.synology.com/security/advisory/Synology_SA_19_28
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190625-0001/
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10287
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2019-0010.html
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Various Sources x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-253-03
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
Various Sources x_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K26618426
Various Sources x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
Scores
CVSS v3
5.3
EPSS
0.2976
EPSS Percentile
96.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-770
CWE-400
Status
published
Products (47)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
canonical/ubuntu_linux
19.04
f5/big-ip_access_policy_manager
15.0.0
f5/big-ip_access_policy_manager
11.5.2 - 11.6.4
f5/big-ip_advanced_firewall_manager
15.0.0
f5/big-ip_advanced_firewall_manager
11.5.2 - 11.6.4
... and 37 more
Published
Jun 19, 2019
Tracked Since
Feb 18, 2026