First published: Tue Jun 11 2019(Updated: )
An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS).
Credit: security@ubuntu.com security@ubuntu.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <0:2.6.32-754.15.3.el6 | 0:2.6.32-754.15.3.el6 |
redhat/kernel | <0:2.6.32-431.95.3.el6 | 0:2.6.32-431.95.3.el6 |
redhat/kernel | <0:2.6.32-504.79.3.el6 | 0:2.6.32-504.79.3.el6 |
redhat/kernel-rt | <0:3.10.0-957.21.3.rt56.935.el7 | 0:3.10.0-957.21.3.rt56.935.el7 |
redhat/kernel | <0:3.10.0-957.21.3.el7 | 0:3.10.0-957.21.3.el7 |
redhat/kernel-alt | <0:4.14.0-115.8.2.el7a | 0:4.14.0-115.8.2.el7a |
redhat/kernel | <0:3.10.0-327.79.2.el7 | 0:3.10.0-327.79.2.el7 |
redhat/kernel | <0:3.10.0-514.66.2.el7 | 0:3.10.0-514.66.2.el7 |
redhat/kernel | <0:3.10.0-693.50.3.el7 | 0:3.10.0-693.50.3.el7 |
redhat/kernel | <0:3.10.0-862.34.2.el7 | 0:3.10.0-862.34.2.el7 |
redhat/kernel-rt | <0:4.18.0-80.4.2.rt9.152.el8_0 | 0:4.18.0-80.4.2.rt9.152.el8_0 |
redhat/kernel | <0:4.18.0-80.4.2.el8_0 | 0:4.18.0-80.4.2.el8_0 |
redhat/kernel-rt | <1:3.10.0-693.50.3.rt56.644.el6 | 1:3.10.0-693.50.3.rt56.644.el6 |
redhat/redhat-release-virtualization-host | <0:4.2-11.1.el7 | 0:4.2-11.1.el7 |
redhat/redhat-virtualization-host | <0:4.2-20190618.0.el7_6 | 0:4.2-20190618.0.el7_6 |
redhat/redhat-release-virtualization-host | <0:4.3.4-1.el7e | 0:4.3.4-1.el7e |
redhat/redhat-virtualization-host | <0:4.3.4-20190620.3.el7_6 | 0:4.3.4-20190620.3.el7_6 |
debian/linux | 4.19.249-2 4.19.289-2 5.10.197-1 5.10.191-1 6.1.66-1 6.1.52-1 6.5.13-1 6.6.8-1 | |
Linux Linux kernel | >=2.6.29<3.16.69 | |
Linux Linux kernel | >=3.17<4.4.182 | |
Linux Linux kernel | >=4.5<4.9.182 | |
Linux Linux kernel | >=4.10<4.14.127 | |
Linux Linux kernel | >=4.15<4.19.52 | |
Linux Linux kernel | >=4.20<5.1.11 | |
F5 BIG-IP Advanced Firewall Manager | >=11.5.2<=11.6.4 | |
F5 BIG-IP Advanced Firewall Manager | >=12.1.0<=12.1.4 | |
F5 BIG-IP Advanced Firewall Manager | >=13.1.0<=13.1.1 | |
F5 BIG-IP Advanced Firewall Manager | >=14.0.0<=14.1.0 | |
F5 BIG-IP Advanced Firewall Manager | =15.0.0 | |
F5 BIG-IP Access Policy Manager | >=11.5.2<=11.6.4 | |
F5 BIG-IP Access Policy Manager | >=12.1.0<=12.1.4 | |
F5 BIG-IP Access Policy Manager | >=13.1.0<=13.1.1 | |
F5 BIG-IP Access Policy Manager | >=14.0.0<=14.1.0 | |
F5 BIG-IP Access Policy Manager | =15.0.0 | |
F5 Big-ip Application Acceleration Manager | >=11.5.2<=11.6.4 | |
F5 Big-ip Application Acceleration Manager | >=12.1.0<=12.1.4 | |
F5 Big-ip Application Acceleration Manager | >=13.1.0<=13.1.1 | |
F5 Big-ip Application Acceleration Manager | >=14.0.0<=14.1.0 | |
F5 Big-ip Application Acceleration Manager | =15.0.0 | |
F5 Big-ip Link Controller | >=11.5.2<=11.6.4 | |
F5 Big-ip Link Controller | >=12.1.0<=12.1.4 | |
F5 Big-ip Link Controller | >=13.1.0<=13.1.1 | |
F5 Big-ip Link Controller | >=14.0.0<=14.1.0 | |
F5 Big-ip Link Controller | =15.0.0 | |
F5 Big-ip Policy Enforcement Manager | >=11.5.2<=11.6.4 | |
F5 Big-ip Policy Enforcement Manager | >=12.1.0<=12.1.4 | |
F5 Big-ip Policy Enforcement Manager | >=13.1.0<=13.1.1 | |
F5 Big-ip Policy Enforcement Manager | >=14.0.0<=14.1.0 | |
F5 Big-ip Policy Enforcement Manager | =15.0.0 | |
F5 Big-ip Webaccelerator | >=11.5.2<=11.6.4 | |
F5 Big-ip Webaccelerator | >=12.1.0<=12.1.4 | |
F5 Big-ip Webaccelerator | >=13.1.0<=13.1.1 | |
F5 Big-ip Webaccelerator | >=14.0.0<=14.1.0 | |
F5 Big-ip Webaccelerator | =15.0.0 | |
F5 BIG-IP Application Security Manager | >=11.5.2<=11.6.4 | |
F5 BIG-IP Application Security Manager | >=12.1.0<=12.1.4 | |
F5 BIG-IP Application Security Manager | >=13.1.0<=13.1.1 | |
F5 BIG-IP Application Security Manager | >=14.0.0<=14.1.0 | |
F5 BIG-IP Application Security Manager | =15.0.0 | |
F5 Big-ip Local Traffic Manager | >=11.5.2<=11.6.4 | |
F5 Big-ip Local Traffic Manager | >=12.1.0<=12.1.4 | |
F5 Big-ip Local Traffic Manager | >=13.1.0<=13.1.1 | |
F5 Big-ip Local Traffic Manager | >=14.0.0<=14.1.0 | |
F5 Big-ip Local Traffic Manager | =15.0.0 | |
F5 Big-ip Fraud Protection Service | >=11.5.2<=11.6.4 | |
F5 Big-ip Fraud Protection Service | >=12.1.0<=12.1.4 | |
F5 Big-ip Fraud Protection Service | >=13.1.0<=13.1.1 | |
F5 Big-ip Fraud Protection Service | >=14.0.0<=14.1.0 | |
F5 Big-ip Fraud Protection Service | =15.0.0 | |
F5 Big-ip Global Traffic Manager | >=11.5.2<=11.6.4 | |
F5 Big-ip Global Traffic Manager | >=12.1.0<=12.1.4 | |
F5 Big-ip Global Traffic Manager | >=13.1.0<=13.1.1 | |
F5 Big-ip Global Traffic Manager | >=14.0.0<=14.1.0 | |
F5 Big-ip Global Traffic Manager | =15.0.0 | |
F5 BIG-IP Analytics | >=11.5.2<=11.6.4 | |
F5 BIG-IP Analytics | >=12.1.0<=12.1.4 | |
F5 BIG-IP Analytics | >=13.1.0<=13.1.1 | |
F5 BIG-IP Analytics | >=14.0.0<=14.1.0 | |
F5 BIG-IP Analytics | =15.0.0 | |
F5 Big-ip Edge Gateway | >=11.5.2<=11.6.4 | |
F5 Big-ip Edge Gateway | >=12.1.0<=12.1.4 | |
F5 Big-ip Edge Gateway | >=13.1.0<=13.1.1 | |
F5 Big-ip Edge Gateway | >=14.0.0<=14.1.0 | |
F5 Big-ip Edge Gateway | =15.0.0 | |
F5 Big-ip Domain Name System | >=11.5.2<=11.6.4 | |
F5 Big-ip Domain Name System | >=12.1.0<=12.1.4 | |
F5 Big-ip Domain Name System | >=13.1.0<=13.1.1 | |
F5 Big-ip Domain Name System | >=14.0.0<=14.1.0 | |
F5 Big-ip Domain Name System | =15.0.0 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
Redhat Enterprise Linux Atomic Host | ||
Redhat Enterprise Linux | =5.0 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Aus | =6.5 | |
Redhat Enterprise Linux Aus | =6.6 | |
Redhat Enterprise Linux Eus | =7.4 | |
Redhat Enterprise Linux Eus | =7.5 | |
Redhat Enterprise Mrg | =2.0 | |
Ivanti Connect Secure | ||
Pulsesecure Pulse Policy Secure | ||
Pulsesecure Pulse Secure Virtual Application Delivery Controller | ||
F5 Traffix Signaling Delivery Controller | >=5.0.0<=5.1.0 | |
Pulsesecure Pulse Connect Secure |
For mitigation, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/tcpsack
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)