Bug 1719123 (CVE-2019-11477)
Summary: | CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, ahardin, airlied, a.klindt, asavkov, bfinger, bhu, blc, bleanhar, brdeoliv, bskeggs, ccoleman, dblechte, dedgar, dfediuck, dhoward, dvlasenk, eedri, esammons, fhrbata, fwestpha, hannsj_uhl, hdegoede, hkrzesin, iboverma, ichavero, igkioka, itamar, jarodwilson, jbenc, jeremy, jforbes, jglisse, jgoulding, jkacur, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, kgrant, labbott, lgoncalv, linville, matt, mchappel, mchehab, mcressma, mgoldboi, michal.skrivanek, mjg59, mlangsdo, mleitner, mmilgram, mszczewski, nhorman, nmurray, plougher, pmatouse, pmyers, ppandit, qguo, rkhan, rt-maint, rvrbovsk, sbonazzo, security-response-team, sherold, steved, williams, yjog, yturgema, z-yk |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS).
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-07-12 13:07:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1719584, 1719585, 1719586, 1719587, 1719588, 1719590, 1719591, 1719592, 1719593, 1719594, 1719595, 1719596, 1719597, 1719598, 1719599, 1719600, 1719601, 1719602, 1719603, 1719604, 1719605, 1719606, 1719607, 1720458, 1720692, 1720693, 1721057, 1721058, 1721059, 1721119, 1721254, 1726402, 1726403, 1726428 | ||
Bug Blocks: | 1719124, 1719214, 1719215, 1719216, 1719217, 1719218, 1719219 |
Description
Sam Fowler
2019-06-11 06:20:39 UTC
Acknowledgments: Name: Jonathan Looney (Netflix Information Security) Statement: Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/tcpsack Mitigation: For mitigation, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/tcpsack Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1721254] External References: https://www.openwall.com/lists/oss-security/2019/06/17/5 https://patchwork.ozlabs.org/project/netdev/list/?series=114310 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1479 https://access.redhat.com/errata/RHSA-2019:1479 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:1488 https://access.redhat.com/errata/RHSA-2019:1488 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1481 https://access.redhat.com/errata/RHSA-2019:1481 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:1482 https://access.redhat.com/errata/RHSA-2019:1482 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Extended Update Support Via RHSA-2019:1483 https://access.redhat.com/errata/RHSA-2019:1483 This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:1489 https://access.redhat.com/errata/RHSA-2019:1489 This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:1490 https://access.redhat.com/errata/RHSA-2019:1490 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions Red Hat Enterprise Linux 7.2 Telco Extended Update Support Via RHSA-2019:1485 https://access.redhat.com/errata/RHSA-2019:1485 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2019:1484 https://access.redhat.com/errata/RHSA-2019:1484 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:1480 https://access.redhat.com/errata/RHSA-2019:1480 This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:1487 https://access.redhat.com/errata/RHSA-2019:1487 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1486 https://access.redhat.com/errata/RHSA-2019:1486 This issue has been addressed in the following products: Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS Via RHSA-2019:1594 https://access.redhat.com/errata/RHSA-2019:1594 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:1602 https://access.redhat.com/errata/RHSA-2019:1602 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4 (RH CoreOS) Via RHBA-2019:1589 https://access.redhat.com/errata/RHBA-2019:1589 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:1699 https://access.redhat.com/errata/RHSA-2019:1699 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11477 OpenShift Container Platform 4 does not ship its own kernel package, instead using versions shipped in RHEL. Removing from flaw bug affects. |