CVE-2019-18805

CRITICAL

Linux Kernel < 5.0.11 - Denial of Service via Integer Overflow in tcp_ack_update_rtt

Title source: llm

Description

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

References (6)

Core 6

Core References

Mailing List, Patch, Vendor Advisory x_refsource_misc

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11

Mailing List, Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20191205-0001/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2020:0740

Scores

CVSS v3 9.8

EPSS 0.0057

EPSS Percentile 68.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (19)

broadcom/fabric_operating_system

linux/linux_kernel 5.1 rc1 (7 CPE variants)

linux/linux_kernel 4.4 - 4.4.180

netapp/active_iq_unified_manager

netapp/aff_a400_firmware

netapp/aff_a700s_firmware

netapp/data_availability_services

netapp/e-series_santricity_os_controller 11.0.0 - 11.60.3

netapp/fas8300_firmware

netapp/fas8700_firmware

... and 9 more

Published Nov 07, 2019

Tracked Since Feb 18, 2026