QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11479

Published: Jun 18, 2019

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.0

5.3

MEDIUM

Description

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Vendor	Product	Versions
Linux	Linux kernel	affected `4.4 - < 4.4.182` affected `4.9 - < 4.9.182` affected `4.14 - < 4.14.127` affected `4.19 - < 4.19.52` affected `5.1 - < 5.1.11`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_CERT-VN

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

[oss-security] 20190628 Re: linux-distros membership application - Microsoft

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20190706 Re: linux-distros membership application - Microsoft

mailing-list

x_refsource_MLIST

[oss-security] 20190706 Re: linux-distros membership application - Microsoft

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

x_refsource_MISC

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic

x_refsource_MISC

https://access.redhat.com/security/vulnerabilities/tcpsack

x_refsource_MISC

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193

x_refsource_CONFIRM

https://www.synology.com/security/advisory/Synology_SA_19_28

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20190625-0001/

x_refsource_CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB10287

x_refsource_CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf

x_refsource_CONFIRM

https://www.us-cert.gov/ics/advisories/icsa-19-253-03

x_refsource_MISC

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt

x_refsource_CONFIRM

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6

x_refsource_MISC

https://support.f5.com/csp/article/K35421172

x_refsource_CONFIRM

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008

x_refsource_CONFIRM

https://support.f5.com/csp/article/K35421172?utm_source=f5support&amp%3Butm_medium=RSS

x_refsource_CONFIRM

https://www.us-cert.gov/ics/advisories/icsma-20-170-06

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.