CVE-2019-18805: Integer Overflow
First published: Tue Apr 16 2019(Updated: )
A flaw was reported in kernel TCP subsystem while calculating a packet round trip time, when a sysctl parameter (/proc/sys/net/ipv4/tcp_min_rtt_wlen) when is set wrongly. This causes an integer over flaw which can lead to a Denial Of Service (DOS) attack. Additional Information: ----------------------- <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-alt | <0:4.14.0-115.18.1.el7a | 0:4.14.0-115.18.1.el7a |
| redhat/kernel-rt | <0:4.18.0-193.rt13.51.el8 | 0:4.18.0-193.rt13.51.el8 |
| redhat/kernel | <0:4.18.0-193.el8 | 0:4.18.0-193.el8 |
| Linux Linux kernel | >=4.4<4.4.180 | |
| Linux Linux kernel | >=4.9<4.9.172 | |
| Linux Linux kernel | >=4.14<4.14.115 | |
| Linux Linux kernel | >=4.19<4.19.38 | |
| Linux Linux kernel | >=5.0<5.0.11 | |
| Linux Linux kernel | =5.1-rc1 | |
| Linux Linux kernel | =5.1-rc2 | |
| Linux Linux kernel | =5.1-rc3 | |
| Linux Linux kernel | =5.1-rc4 | |
| Linux Linux kernel | =5.1-rc5 | |
| Linux Linux kernel | =5.1-rc6 | |
| Linux Linux kernel | =5.1-rc7 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| Redhat Enterprise Linux | =7.0 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Data Availability Services | ||
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.3 | |
| Netapp Hci Management Node | ||
| Netapp Solidfire | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| Netapp Hci Compute Node | ||
| Netapp Hci Storage Node | ||
| Broadcom Fabric Operating System | ||
| Netapp Aff A700s Firmware | ||
| NetApp AFF A700s | ||
| Netapp Fas8300 Firmware | ||
| Netapp Fas8300 | ||
| Netapp Fas8700 Firmware | ||
| Netapp Fas8700 | ||
| Netapp Aff A400 Firmware | ||
| Netapp Aff A400 | ||
| Netapp H610s Firmware | ||
| Netapp H610s |
Remedy
This flaw can be mitigated by setting the sysctl parameter (/proc/sys/net/ipv4/tcp_min_rtt_wlen) with 300 which means the packet time will not exceed more then 5 minutes and which should not cause an integer overflow.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html
- https://access.redhat.com/errata/RHSA-2020:0740
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1771498
- https://access.redhat.com/security/cve/cve-2019-18805
- https://access.redhat.com/errata/RHSA-2020:1567
- https://access.redhat.com/errata/RHSA-2020:1769
- https://bugzilla.redhat.com/show_bug.cgi?id=1771496
- https://www.cve.org/CVERecord?id=CVE-2019-18805 https://nvd.nist.gov/vuln/detail/CVE-2019-18805
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2019-18805?
The severity of CVE-2019-18805 is critical with a CVSS score of 9.8.
How does CVE-2019-18805 affect Linux Kernel?
CVE-2019-18805 affects the Linux Kernel versions before 5.0.11.
What is the impact of CVE-2019-18805?
CVE-2019-18805 can lead to a denial of service or possibly unspecified impact.
How can I fix CVE-2019-18805?
To fix CVE-2019-18805, update your Linux Kernel to version 5.0.11 or later.
Where can I find more information about CVE-2019-18805?
More information about CVE-2019-18805 can be found on the official Linux Kernel Git repository, Red Hat Bugzilla, and Red Hat Errata.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-18805
- agent/author
- agent/severity
- agent/references
- agent/remedy
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.4
- version/linux linux kernel/4.9
- version/linux linux kernel/4.14
- version/linux linux kernel/4.19
- version/linux linux kernel/5.0
- version/linux linux kernel/5.1-rc1
- version/linux linux kernel/5.1-rc2
- version/linux linux kernel/5.1-rc3
- version/linux linux kernel/5.1-rc4
- version/linux linux kernel/5.1-rc5
- version/linux linux kernel/5.1-rc6
- version/linux linux kernel/5.1-rc7
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp data availability services
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.60.3
- canonical/netapp hci management node
- canonical/netapp solidfire
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp hci compute node
- canonical/netapp hci storage node
- vendor/broadcom
- canonical/broadcom fabric operating system
- canonical/netapp aff a700s firmware
- canonical/netapp aff a700s
- canonical/netapp fas8300 firmware
- canonical/netapp fas8300
- canonical/netapp fas8700 firmware
- canonical/netapp fas8700
- canonical/netapp aff a400 firmware
- canonical/netapp aff a400
- canonical/netapp h610s firmware
- canonical/netapp h610s