Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels.
CVE-2019-11477: SACK Panic (Linux >= 2.6.29). A sequence of specifically crafted selective acknowledgements (SACK) may trigger an integer overflow, leading to a denial of service or a possible kernel failure (panic).
CVE-2019-11478: SACK Slowness (Linux < 4.15) or Excess Resource Usage (all Linux versions). A sequence of specifically crafted selective acknowledgements (SACK) may cause a fragmented TCP retransmission queue, potentially resulting in slowness or denial of service.
A remote attacker could cause a kernel crash (CVE-2019-11477) or excessive resource consumption (CVE-2019-11478) leading to a delay or denial of service.
Several vendors have issued workarounds. See the vendor list below for details from specific vendors.
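The note gives version ranges for the two CVEs but no tooling. As an added example that is not part of this CERT/CC note, the POSIX shell script below classifies a kernel version string against the ranges stated above and reports whether TCP SACK is enabled on the host, which is the condition under which an unpatched kernel is exposed. It assumes the usual Linux locations (uname -r, /proc/sys/net/ipv4/tcp_sack); the function names and output tags are the example's own. Disabling SACK via net.ipv4.tcp_sack was the interim workaround published by several vendors; the script only reports, it changes nothing.

```sh
#!/bin/sh
# Added example, not from the CERT/CC note. Classifies a kernel version
# against the affected ranges the note states and checks SACK exposure.
# Caveat: distribution kernels backport fixes without changing the version
# number, so a version in range is a prompt to consult the vendor advisory,
# not proof that the host is vulnerable.

# version_key VERSION: turn "4.15.0-54-generic" into a comparable integer
# (major, then 3-digit minor and patch), e.g. 4015000. Suffixes are dropped.
version_key() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    maj=$(printf '%s' "$v" | cut -d. -f1)
    min=$(printf '%s' "$v" | cut -d. -s -f2)
    pat=$(printf '%s' "$v" | cut -d. -s -f3)
    printf '%d%03d%03d' "${maj:-0}" "${min:-0}" "${pat:-0}"
}

# sack_panic_affected VERSION: true when kernel >= 2.6.29 (CVE-2019-11477 range).
sack_panic_affected() {
    [ "$(version_key "$1")" -ge "$(version_key 2.6.29)" ]
}

# sack_slowness_affected VERSION: true when kernel < 4.15 (CVE-2019-11478
# slowness range; the excess-resource-usage variant applies to all versions).
sack_slowness_affected() {
    [ "$(version_key "$1")" -lt "$(version_key 4.15)" ]
}

# exposure VERSION SACK_FLAG: print space-separated tags describing exposure.
# SACK_FLAG is the value of net.ipv4.tcp_sack ("1" = enabled).
exposure() {
    ver=$1
    sack=$2
    tags=""
    sack_panic_affected "$ver" && tags="$tags panic-range"
    sack_slowness_affected "$ver" && tags="$tags slowness-range"
    [ "$sack" = "1" ] && tags="$tags sack-enabled"
    printf '%s\n' "${tags# }"
}

# host_report: inspect the running host (assumes Linux; prints "unknown"
# where uname or the sysctl file is unavailable).
host_report() {
    ver=$(uname -r 2>/dev/null || echo unknown)
    sack=$(cat /proc/sys/net/ipv4/tcp_sack 2>/dev/null || echo unknown)
    printf 'kernel %s: %s\n' "$ver" "$(exposure "$ver" "$sack")"
}

host_report
```

Run it as a one-off on each host; a line containing both panic-range and sack-enabled on a kernel that has not received the vendor patch is the case that warrants the workaround until the kernel is updated.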
Vendor                              Status
Arch Linux                          Affected
Arista Networks, Inc.               Affected
Check Point Software Technologies   Affected
Debian GNU/Linux                    Affected
FreeBSD Project                     Affected
Red Hat, Inc.                       Affected
SUSE Linux                          Affected
Microsoft                           Not Affected
Alpine Linux                        Unknown
Aspera Inc.                         Unknown
Fedora Project                      Unknown
Gentoo Linux                        Unknown
Marconi, Inc.                       Unknown
Micro Focus                         Unknown
Openwall GNU/*/Linux                Unknown
Slackware Linux Inc.                Unknown
These vulnerabilities were reported by Jonathan Looney (Netflix Information Security).
This document was written by Laurie Tyzenhaus.