CVE-2019-11478

EPSS 31.33%
Published 19.06.2019 00:15:12
Last modified 21.11.2024 04:21:09
Source security@ubuntu.com
Teams watchlist Login
Open Login

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Affected products Warnungen 0 Metrics 4 CWE 2 References 32

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 4.4.182

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.182

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.127

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.52

Linux ≫ Linux Kernel Version >= 4.20 < 5.1.11

F5 ≫ Big-ip Advanced Firewall Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Advanced Firewall Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Advanced Firewall Manager Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Advanced Firewall Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Advanced Firewall Manager Version15.0.0

F5 ≫ Big-ip Access Policy Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Access Policy Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Access Policy Manager Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Access Policy Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Access Policy Manager Version15.0.0

F5 ≫ Big-ip Application Acceleration Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Application Acceleration Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Application Acceleration Manager Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Application Acceleration Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Application Acceleration Manager Version15.0.0

F5 ≫ Big-ip Link Controller Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Link Controller Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Link Controller Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Link Controller Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Link Controller Version15.0.0

F5 ≫ Big-ip Policy Enforcement Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Policy Enforcement Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Policy Enforcement Manager Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Policy Enforcement Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Policy Enforcement Manager Version15.0.0

F5 ≫ Big-ip Webaccelerator Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Webaccelerator Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Webaccelerator Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Webaccelerator Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Webaccelerator Version15.0.0

F5 ≫ Big-ip Application Security Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Application Security Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Application Security Manager Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Application Security Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Application Security Manager Version15.0.0

F5 ≫ Big-ip Local Traffic Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Local Traffic Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Local Traffic Manager Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Local Traffic Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Local Traffic Manager Version15.0.0

F5 ≫ Big-ip Fraud Protection Service Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Fraud Protection Service Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Fraud Protection Service Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Fraud Protection Service Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Fraud Protection Service Version15.0.0

F5 ≫ Big-ip Global Traffic Manager Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Global Traffic Manager Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Global Traffic Manager Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Global Traffic Manager Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Global Traffic Manager Version15.0.0

F5 ≫ Big-ip Analytics Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Analytics Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Analytics Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Analytics Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Analytics Version15.0.0

F5 ≫ Big-ip Edge Gateway Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Edge Gateway Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Edge Gateway Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Edge Gateway Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Edge Gateway Version15.0.0

F5 ≫ Big-ip Domain Name System Version >= 11.5.2 <= 11.6.4

F5 ≫ Big-ip Domain Name System Version >= 12.1.0 <= 12.1.4

F5 ≫ Big-ip Domain Name System Version >= 13.1.0 <= 13.1.1

F5 ≫ Big-ip Domain Name System Version >= 14.0.0 <= 14.1.0

F5 ≫ Big-ip Domain Name System Version15.0.0

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Canonical ≫ Ubuntu Linux Version19.04

Redhat ≫ Enterprise Linux Atomic Host Version-

Redhat ≫ Enterprise Linux Version5.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Aus Version6.5

Redhat ≫ Enterprise Linux Aus Version6.6

Redhat ≫ Enterprise Linux Eus Version7.4

Redhat ≫ Enterprise Linux Eus Version7.5

Redhat ≫ Enterprise Mrg Version2.0

Ivanti ≫ Connect Secure Version-

Pulsesecure ≫ Pulse Policy Secure Version-

Pulsesecure ≫ Pulse Secure Virtual Application Delivery Controller Version-

F5 ≫ Traffix Signaling Delivery Controller Version >= 5.0.0 <= 5.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	31.33%	0.966

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
security@ubuntu.com	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpuoct2020.html

http://www.openwall.com/lists/oss-security/2019/06/28/2

http://www.openwall.com/lists/oss-security/2019/10/24/1

http://www.openwall.com/lists/oss-security/2019/10/29/3

http://www.openwall.com/lists/oss-security/2019/07/06/3

http://www.openwall.com/lists/oss-security/2019/07/06/4

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html

Third Party Advisory

VDB Entry

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt