Vulnerability-Lookup

BDU:2019-02194

Vulnerability from fstec - Published: 15.06.2019

Title

Уязвимость механизма TCP Selective Acknowledgement ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость механизма TCP SACK (TCP Selective Acknowledgement, выборочное подтверждение TCP) ядра операционной системы Linux вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании путем отправки специально сформированной последовательности SACK-пакетов

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Red Hat Inc., Canonical Ltd., АО «ИВК», Siemens AG, Oracle Corp., Novell Inc., Huawei Technologies Co., Ltd., VMware Inc., ООО «Открытая мобильная платформа», Сообщество свободного программного обеспечения

Software Name

Red Hat Enterprise Linux, Ubuntu, Альт Линукс СПТ (запись в едином реестре российских программ №9), Red Hat Virtualization, Red Hat Enterprise MRG, TIM 1531 IRC, SIMATIC RF188C, SIMATIC RF600R, SIMATIC RF185C, SIMATIC RF186C, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, Альт 8 СП Рабочая станция, Enterprise Communications Broker, OpenSUSE Leap, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP, SINUMERIK 828D, SIMATIC CM 1542-1, SIMATIC CP 1242-7, SIMATIC CP 1243-1, SIMATIC CP 1243-7 LTE EU, SIMATIC CP 1243-7 LTE/US, SIMATIC CP 1243-8 IRC, SIMATIC CM 1542SP-1, SIMATIC CP 1543-1, SIMATIC CP 1543SP-1, CloudConnect 712, RUGGEDCOM RM1224, SCALANCE M800, SCALANCE M875, SCALANCE S615, SCALANCE SC-600, SCALANCE W-700, SCALANCE W1700, SCALANCE WLC711, SCALANCE WLC712, SIMATIC ITC1500, SIMATIC ITC1500 PRO, SIMATIC ITC1900, SIMATIC ITC2200 PRO, SIMATIC ITC2200, SIMATIC MV500, SIMATIC RF166C, SIMATIC RF186CI, SIMATIC RF188CI, SINUMERIK 808D, SINUMERIK 840D sl, SINEMA Remote Connect Server, SIMATIC ITC1900 PRO, FusionSphere OpenStack, Huawei Columbia-L29D, Huawei ELLE-AL00B, Huawei Emily-AL00A, Oracle Communications Session Border Controller, Oracle Enterprise Session Border Controller, Oracle Communications Session Router, Oracle Communications Subscriber-Aware Load Balancer, VMware vCenter Server Appliance, vCloud Director (vCD), vCloud Usage Meter, vRealize Automation, vRealize Network Insight, vRealize Orchestrator Appliance, vRealize Suite Lifecycle Manager, Huawei AC6605, Huawei ALP-AL00B, Huawei BLA-AL00B, Huawei Berkeley-AL20, Huawei C30, Huawei Columbia-AL00A, Huawei Florida-L21, Huawei Florida-L22, Huawei Florida-L23, Huawei Mate 20 X (5G), Huawei P smart 2019, Huawei P20 Pro, Huawei P30 Pro, Huawei Y7 2019, Huawei Y7 Prime 2019, Huawei nova lite 3, Huawei Honor 10 Lite, Huawei Honor 8A, Huawei Leland-AL10B, Huawei Leland-L21A, Huawei Leland-L22C, OceanStor 5300 V3, OceanStor 5500 V3, OceanStor 5600 V3, OceanStor 5800 V3, OceanStor 6800 V3, OceanStor 9000, Huawei Sydney-AL00, Huawei Sydney-AL00BR, iManager NetEco 6000, Identity Manager, Unified Access Gateway, vSphere Integrated Containers, Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S, Fujitsu M12-1, Fujitsu M12-2, Fujitsu M12-2S, ОС Аврора (запись в едином реестре российских программ №1543), Linux

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 7.0 (Альт Линукс СПТ), 18.04 LTS (Ubuntu), 4 (Red Hat Virtualization), 12.04 ESM (Ubuntu), 2.0 (Red Hat Enterprise MRG), - (TIM 1531 IRC), - (SIMATIC RF188C), - (SIMATIC RF600R), - (SIMATIC RF185C), - (SIMATIC RF186C), - (SIMATIC Teleservice Adapter IE Advanced), - (SIMATIC Teleservice Adapter IE Basic), - (Альт 8 СП Рабочая станция), PCz3.0 (Enterprise Communications Broker), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), - (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP), 7.4 Extended Update Support (Red Hat Enterprise Linux), 7.5 Extended Update Support (Red Hat Enterprise Linux), до V4.8 SP5 (SINUMERIK 828D), - (SIMATIC CM 1542-1), - (SIMATIC CP 1242-7), - (SIMATIC CP 1243-1), - (SIMATIC CP 1243-7 LTE EU), - (SIMATIC CP 1243-7 LTE/US), - (SIMATIC CP 1243-8 IRC), - (SIMATIC CM 1542SP-1), - (SIMATIC CP 1543-1), - (SIMATIC CP 1543SP-1), до V1.1.5 (CloudConnect 712), - (RUGGEDCOM RM1224), - (SCALANCE M800), - (SCALANCE M875), - (SCALANCE S615), до V2.0.1 (SCALANCE SC-600), - (SCALANCE W-700), - (SCALANCE W1700), - (SCALANCE WLC711), - (SCALANCE WLC712), - (SIMATIC ITC1500), - (SIMATIC ITC1500 PRO), - (SIMATIC ITC1900), - (SIMATIC ITC2200 PRO), - (SIMATIC ITC2200), - (SIMATIC MV500), - (SIMATIC RF166C), - (SIMATIC RF186CI), - (SIMATIC RF188CI), до V4.92 (SINUMERIK 808D), до V4.8 SP5 (SINUMERIK 840D sl), до 2.0 SP1 (SINEMA Remote Connect Server), - (SIMATIC ITC1900 PRO), 7.2 Advanced Update Support (Red Hat Enterprise Linux), 7.2 Telco Extended Update Support (Red Hat Enterprise Linux), 6.5 Advanced Update Support (Red Hat Enterprise Linux), 6.6 Advanced Update Support (Red Hat Enterprise Linux), 7.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), V100R006C10 (FusionSphere OpenStack), 8.1.0.151(C432) (Huawei Columbia-L29D), 8.1.0.151(C10) (Huawei Columbia-L29D), 8.1.0.148(C185) (Huawei Columbia-L29D), 8.1.0.146(C461) (Huawei Columbia-L29D), 9.1.0.162(C00E160R2P1) (Huawei ELLE-AL00B), 8.1.0.190(C00) (Huawei Emily-AL00A), PCz3.1 (Enterprise Communications Broker), PCz3.2 (Enterprise Communications Broker), 8.0 (Oracle Communications Session Border Controller), 8.1 (Oracle Communications Session Border Controller), 8.2 (Oracle Communications Session Border Controller), 8.3 (Oracle Communications Session Border Controller), 7.5 (Oracle Enterprise Session Border Controller), 8.0 (Oracle Enterprise Session Border Controller), 8.1 (Oracle Enterprise Session Border Controller), 8.2 (Oracle Enterprise Session Border Controller), 8.3 (Oracle Enterprise Session Border Controller), 7.4 (Oracle Communications Session Router), 8.0 (Oracle Communications Session Router), 8.1 (Oracle Communications Session Router), 8.2 (Oracle Communications Session Router), 7.4 (Oracle Communications Session Border Controller), 7.3 (Oracle Communications Subscriber-Aware Load Balancer), 8.1 (Oracle Communications Subscriber-Aware Load Balancer), 8.3 (Oracle Communications Subscriber-Aware Load Balancer), 7.3 Advanced Update Support (Red Hat Enterprise Linux), 7.3 Telco Extended Update Support (Red Hat Enterprise Linux), 7.3 Update Services for SAP Solutions (Red Hat Enterprise Linux), 4.2 (Red Hat Virtualization), 6.0 (VMware vCenter Server Appliance), 6.5 (VMware vCenter Server Appliance), 6.7 (VMware vCenter Server Appliance), 9.7.0.0 (vCloud Director (vCD)), 9.7.0.1 (vCloud Director (vCD)), от 9.5.0.0 до 9.5.0.4 (vCloud Director (vCD)), от 4.0 до 4.1.0.1 (vCloud Usage Meter), от 7.0 до 8.0.0 (vRealize Automation), от 4.0 до 4.2 (vRealize Network Insight), от 7.0 до 8.0.0 (vRealize Orchestrator Appliance), до 8.0 (vRealize Suite Lifecycle Manager), V200R009C00 (Huawei AC6605), V200R010C00 (Huawei AC6605), до 9.1.0.333(C00E333R2P1T8) (Huawei ALP-AL00B), до 9.1.0.333(C00E333R2P1T8) (Huawei BLA-AL00B), до 9.1.0.333(C00E333R2P1T8) (Huawei Berkeley-AL20), V300R019C60 (Huawei C30), до 9.1.0.333(C00E333R1P1T8) (Huawei Columbia-AL00A), 9.1.0.106D(C735E106R1P11) (Huawei ELLE-AL00B), 9.1.0.109(C00E106R1P21) (Huawei ELLE-AL00B), 9.1.0.113(C00E110R1P21) (Huawei ELLE-AL00B), 9.1.0.125(C00E120R1P21) (Huawei ELLE-AL00B), 9.1.0.125D(C735E120R1P11) (Huawei ELLE-AL00B), 9.1.0.135(C00E130R1P21) (Huawei ELLE-AL00B), 9.1.0.153(C00E150R1P21) (Huawei ELLE-AL00B), 9.1.0.153D(C735E153R1P11) (Huawei ELLE-AL00B), 9.1.0.155(C00E150R1P21) (Huawei ELLE-AL00B), до 9.1.0.115(C432E5R1P1T8) (Huawei Florida-L21), до 9.1.0.120(C185E5R1P4T8) (Huawei Florida-L21), до 9.1.0.120(C636E5R1P1T8) (Huawei Florida-L22), до 9.1.0.121(C605E5R1P1T8) (Huawei Florida-L23), V100R006C00RC1 (FusionSphere OpenStack), V100R006C00U1 (FusionSphere OpenStack), V100R006C10RC1B060 (FusionSphere OpenStack), V100R006C10SPC002B010 (FusionSphere OpenStack), V100R006C10SPC110 (FusionSphere OpenStack), V100R006C10SPC200B030 (FusionSphere OpenStack), V100R006C10SPC500 (FusionSphere OpenStack), V100R006C10SPC600 (FusionSphere OpenStack), до 9.1.1.205(C00E205R2P6) (Huawei Mate 20 X (5G)), до 9.1.0.291(C185E8R4P1) (Huawei P smart 2019), до 9.1.0.333(C00E333R1P1T8) (Huawei P20 Pro), до 9.1.0.213(C00E210R2P1) (Huawei P30 Pro), до 8.2.0.150(C432CUSTC432D1) (Huawei Y7 2019), до 8.2.0.147(C185CUSTC185D1) (Huawei Y7 Prime 2019), до 9.1.0.305(C635E8R2P2) (Huawei nova lite 3), до 9.1.0.280(C185E8R4P1) (Huawei Honor 10 Lite), до 9.1.0.234(C636E4R4P1) (Huawei Honor 8A), до 9.1.0.113(C00E111R2P10T8) (Huawei Leland-AL10B), до 9.1.0.118(C185E4R1P4T8) (Huawei Leland-L21A), до 9.1.0.118(C636E4R1P1T8) (Huawei Leland-L22C), V300R006C50SPC100 (OceanStor 5300 V3), V300R006C60 (OceanStor 5300 V3), V300R006C50SPC100 (OceanStor 5500 V3), V300R006C60 (OceanStor 5500 V3), V300R006C50SPC100 (OceanStor 5600 V3), V300R006C60 (OceanStor 5600 V3), V300R006C50SPC100 (OceanStor 5800 V3), V300R006C60 (OceanStor 5800 V3), V300R006C50SPC100 (OceanStor 6800 V3), V300R006C60 (OceanStor 6800 V3), V300R006C50SPC100 (OceanStor 9000), V300R006C60 (OceanStor 9000), до 9.1.0.228(C00E78R1P7T8) (Huawei Sydney-AL00), до 9.1.0.228(C00E78R1P7T8) (Huawei Sydney-AL00BR), V600R008C00 (iManager NetEco 6000), V600R008C10SPC300 (iManager NetEco 6000), V600R008C20 (iManager NetEco 6000), от 3.0.0 до 3.3.1 (Identity Manager), до 3.6 (Unified Access Gateway), от 1.0.0 до 1.5.3 (vSphere Integrated Containers), до XCP2362 (Fujitsu M10-1), до XCP3090 (Fujitsu M10-1), до XCP2362 (Fujitsu M10-4), до XCP3090 (Fujitsu M10-4), до XCP2362 (Fujitsu M10-4S), до XCP3090 (Fujitsu M10-4S), до XCP2362 (Fujitsu M12-1), до XCP3090 (Fujitsu M12-1), до XCP2362 (Fujitsu M12-2), до XCP3090 (Fujitsu M12-2), до XCP2362 (Fujitsu M12-2S), до XCP3090 (Fujitsu M12-2S), 3.2.3.10 (ОС Аврора), от 4.0 до 4.4.181 включительно (Linux), от 4.5 до 4.9.181 включительно (Linux), от 4.10 до 4.14.126 включительно (Linux), от 4.15 до 4.19.51 включительно (Linux), от 4.20 до 5.1.10 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.52 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.182 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.182 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.11 Альт Линукс: https://cve.basealt.ru/ Для openSUSE: https://www.suse.com/security/cve/CVE-2019-11477/ Для продуктов Oracle: https://www.oracle.com/security-alerts/cpujan2020.html Red Hat: https://access.redhat.com/security/cve/CVE-2019-11479 Для Ubuntu: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic Для Siemens: https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf Для Huawеi: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en Для VMware: http://www.vmware.com/security/advisories/VMSA-2019-0010.html Для Oracle: https://www.oracle.com/security-alerts/cpuoct2020.html Для ОС Аврора: https://cve.omprussia.ru/bb6323

Reference

http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en http://www.openwall.com/lists/oss-security/2019/06/20/3 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.openwall.com/lists/oss-security/2019/10/24/1 http://www.openwall.com/lists/oss-security/2019/10/29/3 http://www.vmware.com/security/advisories/VMSA-2019-0010.html https://access.redhat.com/errata/RHSA-2019:1594 https://access.redhat.com/errata/RHSA-2019:1602 https://access.redhat.com/errata/RHSA-2019:1699 https://access.redhat.com/security/vulnerabilities/tcpsack https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477 https://cve.omprussia.ru/bb6323 https://exchange.xforce.ibmcloud.com/vulnerabilities/162662 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193 https://kc.mcafee.com/corporate/index?page=content&id=SB10287 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.52 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.182 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.182 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.11 https://launchpad.net/bugs/1831637 https://nvd.nist.gov/vuln/detail/CVE-2019-11477 https://patchwork.ozlabs.org/patch/1117155/ https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006 https://security.netapp.com/advisory/ntap-20190625-0001/ https://support.f5.com/csp/article/K78234183 https://ubuntu.com/security/notices/USN-4017-1 https://ubuntu.com/security/notices/USN-4017-2 https://usn.ubuntu.com/usn/usn-4017-1 https://usn.ubuntu.com/usn/usn-4017-2 https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic https://www.cve.org/CVERecord?id=CVE-2019-11477 https://www.kb.cert.org/vuls/id/905115 https://www.opennet.ru/openforum/vsluhforumID3/117645.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.synology.com/security/advisory/Synology_SA_19_28 https://www.us-cert.gov/ics/advisories/icsa-19-253-03

CWE

CWE-190, CWE-680

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Siemens AG, Oracle Corp., Novell Inc., Huawei Technologies Co., Ltd., VMware Inc., \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 7.0 (\u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422), 18.04 LTS (Ubuntu), 4 (Red Hat Virtualization), 12.04 ESM (Ubuntu), 2.0 (Red Hat Enterprise MRG), - (TIM 1531 IRC), - (SIMATIC RF188C), - (SIMATIC RF600R), - (SIMATIC RF185C), - (SIMATIC RF186C), - (SIMATIC Teleservice Adapter IE Advanced), - (SIMATIC Teleservice Adapter IE Basic), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f), PCz3.0 (Enterprise Communications Broker), 8 (Red Hat Enterprise Linux), 15.0 (OpenSUSE Leap), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), - (SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP), 7.4 Extended Update Support (Red Hat Enterprise Linux), 7.5 Extended Update Support (Red Hat Enterprise Linux), \u0434\u043e V4.8 SP5 (SINUMERIK 828D), - (SIMATIC CM 1542-1), - (SIMATIC CP 1242-7), - (SIMATIC CP 1243-1), - (SIMATIC CP 1243-7 LTE EU), - (SIMATIC CP 1243-7 LTE/US), - (SIMATIC CP 1243-8 IRC), - (SIMATIC CM 1542SP-1), - (SIMATIC CP 1543-1), - (SIMATIC CP 1543SP-1), \u0434\u043e V1.1.5 (CloudConnect 712), - (RUGGEDCOM RM1224), - (SCALANCE M800), - (SCALANCE M875), - (SCALANCE S615), \u0434\u043e V2.0.1 (SCALANCE SC-600), - (SCALANCE W-700), - (SCALANCE W1700), - (SCALANCE WLC711), - (SCALANCE WLC712), - (SIMATIC ITC1500), - (SIMATIC ITC1500 PRO), - (SIMATIC ITC1900), - (SIMATIC ITC2200 PRO), - (SIMATIC ITC2200), - (SIMATIC MV500), - (SIMATIC RF166C), - (SIMATIC RF186CI), - (SIMATIC RF188CI), \u0434\u043e V4.92 (SINUMERIK 808D), \u0434\u043e V4.8 SP5 (SINUMERIK 840D sl), \u0434\u043e 2.0 SP1 (SINEMA Remote Connect Server), - (SIMATIC ITC1900 PRO), 7.2 Advanced Update Support (Red Hat Enterprise Linux), 7.2 Telco Extended Update Support (Red Hat Enterprise Linux), 6.5 Advanced Update Support (Red Hat Enterprise Linux), 6.6 Advanced Update Support (Red Hat Enterprise Linux), 7.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), V100R006C10 (FusionSphere OpenStack), 8.1.0.151(C432) (Huawei Columbia-L29D), 8.1.0.151(C10) (Huawei Columbia-L29D), 8.1.0.148(C185) (Huawei Columbia-L29D), 8.1.0.146(C461) (Huawei Columbia-L29D), 9.1.0.162(C00E160R2P1) (Huawei ELLE-AL00B), 8.1.0.190(C00) (Huawei Emily-AL00A), PCz3.1 (Enterprise Communications Broker), PCz3.2 (Enterprise Communications Broker), 8.0 (Oracle Communications Session Border Controller), 8.1 (Oracle Communications Session Border Controller), 8.2 (Oracle Communications Session Border Controller), 8.3 (Oracle Communications Session Border Controller), 7.5 (Oracle Enterprise Session Border Controller), 8.0 (Oracle Enterprise Session Border Controller), 8.1 (Oracle Enterprise Session Border Controller), 8.2 (Oracle Enterprise Session Border Controller), 8.3 (Oracle Enterprise Session Border Controller), 7.4 (Oracle Communications Session Router), 8.0 (Oracle Communications Session Router), 8.1 (Oracle Communications Session Router), 8.2 (Oracle Communications Session Router), 7.4 (Oracle Communications Session Border Controller), 7.3 (Oracle Communications Subscriber-Aware Load Balancer), 8.1 (Oracle Communications Subscriber-Aware Load Balancer), 8.3 (Oracle Communications Subscriber-Aware Load Balancer), 7.3 Advanced Update Support (Red Hat Enterprise Linux), 7.3 Telco Extended Update Support (Red Hat Enterprise Linux), 7.3 Update Services for SAP Solutions (Red Hat Enterprise Linux), 4.2 (Red Hat Virtualization), 6.0 (VMware vCenter Server Appliance), 6.5 (VMware vCenter Server Appliance), 6.7 (VMware vCenter Server Appliance), 9.7.0.0 (vCloud Director (vCD)), 9.7.0.1 (vCloud Director (vCD)), \u043e\u0442 9.5.0.0 \u0434\u043e 9.5.0.4 (vCloud Director (vCD)), \u043e\u0442 4.0 \u0434\u043e 4.1.0.1 (vCloud Usage Meter), \u043e\u0442 7.0 \u0434\u043e 8.0.0 (vRealize Automation), \u043e\u0442 4.0 \u0434\u043e 4.2 (vRealize Network Insight), \u043e\u0442 7.0 \u0434\u043e 8.0.0 (vRealize Orchestrator Appliance), \u0434\u043e 8.0 (vRealize Suite Lifecycle Manager), V200R009C00 (Huawei AC6605), V200R010C00 (Huawei AC6605), \u0434\u043e 9.1.0.333(C00E333R2P1T8) (Huawei ALP-AL00B), \u0434\u043e 9.1.0.333(C00E333R2P1T8) (Huawei BLA-AL00B), \u0434\u043e 9.1.0.333(C00E333R2P1T8) (Huawei Berkeley-AL20), V300R019C60 (Huawei C30), \u0434\u043e 9.1.0.333(C00E333R1P1T8) (Huawei Columbia-AL00A), 9.1.0.106D(C735E106R1P11) (Huawei ELLE-AL00B), 9.1.0.109(C00E106R1P21) (Huawei ELLE-AL00B), 9.1.0.113(C00E110R1P21) (Huawei ELLE-AL00B), 9.1.0.125(C00E120R1P21) (Huawei ELLE-AL00B), 9.1.0.125D(C735E120R1P11) (Huawei ELLE-AL00B), 9.1.0.135(C00E130R1P21) (Huawei ELLE-AL00B), 9.1.0.153(C00E150R1P21) (Huawei ELLE-AL00B), 9.1.0.153D(C735E153R1P11) (Huawei ELLE-AL00B), 9.1.0.155(C00E150R1P21) (Huawei ELLE-AL00B), \u0434\u043e 9.1.0.115(C432E5R1P1T8) (Huawei Florida-L21), \u0434\u043e 9.1.0.120(C185E5R1P4T8) (Huawei Florida-L21), \u0434\u043e 9.1.0.120(C636E5R1P1T8) (Huawei Florida-L22), \u0434\u043e 9.1.0.121(C605E5R1P1T8) (Huawei Florida-L23), V100R006C00RC1 (FusionSphere OpenStack), V100R006C00U1 (FusionSphere OpenStack), V100R006C10RC1B060 (FusionSphere OpenStack), V100R006C10SPC002B010 (FusionSphere OpenStack), V100R006C10SPC110 (FusionSphere OpenStack), V100R006C10SPC200B030 (FusionSphere OpenStack), V100R006C10SPC500 (FusionSphere OpenStack), V100R006C10SPC600 (FusionSphere OpenStack), \u0434\u043e 9.1.1.205(C00E205R2P6) (Huawei Mate 20 X (5G)), \u0434\u043e 9.1.0.291(C185E8R4P1) (Huawei P smart 2019), \u0434\u043e 9.1.0.333(C00E333R1P1T8) (Huawei P20 Pro), \u0434\u043e 9.1.0.213(C00E210R2P1) (Huawei P30 Pro), \u0434\u043e 8.2.0.150(C432CUSTC432D1) (Huawei Y7 2019), \u0434\u043e 8.2.0.147(C185CUSTC185D1) (Huawei Y7 Prime 2019), \u0434\u043e 9.1.0.305(C635E8R2P2) (Huawei nova lite 3), \u0434\u043e 9.1.0.280(C185E8R4P1) (Huawei Honor 10 Lite), \u0434\u043e 9.1.0.234(C636E4R4P1) (Huawei Honor 8A), \u0434\u043e 9.1.0.113(C00E111R2P10T8) (Huawei Leland-AL10B), \u0434\u043e 9.1.0.118(C185E4R1P4T8) (Huawei Leland-L21A), \u0434\u043e 9.1.0.118(C636E4R1P1T8) (Huawei Leland-L22C), V300R006C50SPC100 (OceanStor 5300 V3), V300R006C60 (OceanStor 5300 V3), V300R006C50SPC100 (OceanStor 5500 V3), V300R006C60 (OceanStor 5500 V3), V300R006C50SPC100 (OceanStor 5600 V3), V300R006C60 (OceanStor 5600 V3), V300R006C50SPC100 (OceanStor 5800 V3), V300R006C60 (OceanStor 5800 V3), V300R006C50SPC100 (OceanStor 6800 V3), V300R006C60 (OceanStor 6800 V3), V300R006C50SPC100 (OceanStor 9000), V300R006C60 (OceanStor 9000), \u0434\u043e 9.1.0.228(C00E78R1P7T8) (Huawei Sydney-AL00), \u0434\u043e 9.1.0.228(C00E78R1P7T8) (Huawei Sydney-AL00BR), V600R008C00 (iManager NetEco 6000), V600R008C10SPC300 (iManager NetEco 6000), V600R008C20 (iManager NetEco 6000), \u043e\u0442 3.0.0 \u0434\u043e 3.3.1 (Identity Manager), \u0434\u043e 3.6 (Unified Access Gateway), \u043e\u0442 1.0.0 \u0434\u043e 1.5.3 (vSphere Integrated Containers), \u0434\u043e XCP2362 (Fujitsu M10-1), \u0434\u043e XCP3090 (Fujitsu M10-1), \u0434\u043e XCP2362 (Fujitsu M10-4), \u0434\u043e XCP3090 (Fujitsu M10-4), \u0434\u043e XCP2362 (Fujitsu M10-4S), \u0434\u043e XCP3090 (Fujitsu M10-4S), \u0434\u043e XCP2362 (Fujitsu M12-1), \u0434\u043e XCP3090 (Fujitsu M12-1), \u0434\u043e XCP2362 (Fujitsu M12-2), \u0434\u043e XCP3090 (Fujitsu M12-2), \u0434\u043e XCP2362 (Fujitsu M12-2S), \u0434\u043e XCP3090 (Fujitsu M12-2S), 3.2.3.10 (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430), \u043e\u0442 4.0 \u0434\u043e 4.4.181 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.181 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.126 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.51 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.1.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.52\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.182\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.182\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.11\n\n\u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441:\nhttps://cve.basealt.ru/\n\n\u0414\u043b\u044f openSUSE:\nhttps://www.suse.com/security/cve/CVE-2019-11477/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle:\nhttps://www.oracle.com/security-alerts/cpujan2020.html\n\nRed Hat:\nhttps://access.redhat.com/security/cve/CVE-2019-11479\n\n\u0414\u043b\u044f Ubuntu:\nhttps://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic\n\n\u0414\u043b\u044f Siemens:\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf\n\n\u0414\u043b\u044f Huaw\u0435i:\nhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en\n\n\u0414\u043b\u044f VMware:\nhttp://www.vmware.com/security/advisories/VMSA-2019-0010.html\n\n\u0414\u043b\u044f Oracle:\nhttps://www.oracle.com/security-alerts/cpuoct2020.html\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430:\nhttps://cve.omprussia.ru/bb6323",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.06.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.06.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02194",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-11477",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), Red Hat Virtualization, Red Hat Enterprise MRG, TIM 1531 IRC, SIMATIC RF188C, SIMATIC RF600R, SIMATIC RF185C, SIMATIC RF186C, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f, Enterprise Communications Broker, OpenSUSE Leap, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP, SINUMERIK 828D, SIMATIC CM 1542-1, SIMATIC CP 1242-7, SIMATIC CP 1243-1, SIMATIC CP 1243-7 LTE EU, SIMATIC CP 1243-7 LTE/US, SIMATIC CP 1243-8 IRC, SIMATIC CM 1542SP-1, SIMATIC CP 1543-1, SIMATIC CP 1543SP-1, CloudConnect 712, RUGGEDCOM RM1224, SCALANCE M800, SCALANCE M875, SCALANCE S615, SCALANCE SC-600, SCALANCE W-700, SCALANCE W1700, SCALANCE WLC711, SCALANCE WLC712, SIMATIC ITC1500, SIMATIC ITC1500 PRO, SIMATIC ITC1900, SIMATIC ITC2200 PRO, SIMATIC ITC2200, SIMATIC MV500, SIMATIC RF166C, SIMATIC RF186CI, SIMATIC RF188CI, SINUMERIK 808D, SINUMERIK 840D sl, SINEMA Remote Connect Server, SIMATIC ITC1900 PRO, FusionSphere OpenStack, Huawei Columbia-L29D, Huawei ELLE-AL00B, Huawei Emily-AL00A, Oracle Communications Session Border Controller, Oracle Enterprise Session Border Controller, Oracle Communications Session Router, Oracle Communications Subscriber-Aware Load Balancer, VMware vCenter Server Appliance, vCloud Director (vCD), vCloud Usage Meter, vRealize Automation, vRealize Network Insight, vRealize Orchestrator Appliance, vRealize Suite Lifecycle Manager, Huawei AC6605, Huawei ALP-AL00B, Huawei BLA-AL00B, Huawei Berkeley-AL20, Huawei C30, Huawei Columbia-AL00A, Huawei Florida-L21, Huawei Florida-L22, Huawei Florida-L23, Huawei Mate 20 X (5G), Huawei P smart 2019, Huawei P20 Pro, Huawei P30 Pro, Huawei Y7 2019, Huawei Y7 Prime 2019, Huawei nova lite 3, Huawei Honor 10 Lite, Huawei Honor 8A, Huawei Leland-AL10B, Huawei Leland-L21A, Huawei Leland-L22C, OceanStor 5300 V3, OceanStor 5500 V3, OceanStor 5600 V3, OceanStor 5800 V3, OceanStor 6800 V3, OceanStor 9000, Huawei Sydney-AL00, Huawei Sydney-AL00BR, iManager NetEco 6000, Identity Manager, Unified Access Gateway, vSphere Integrated Containers, Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S, Fujitsu M12-1, Fujitsu M12-2, Fujitsu M12-2S, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 \u041b\u0438\u043d\u0443\u043a\u0441 \u0421\u041f\u0422 7.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21169), Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 12.04 ESM , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f \u0420\u0430\u0431\u043e\u0447\u0430\u044f \u0441\u0442\u0430\u043d\u0446\u0438\u044f - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 4.4.182 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 4.9.182 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 4.14.127 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 4.19.52 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 5.1.11 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , Red Hat Inc. Red Hat Enterprise Linux 7.4 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.5 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.2 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.2 Telco Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 6.5 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 6.6 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 7.3 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.3 Telco Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions , \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 3.2.3.10 F+ Life Tab Plus (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 TCP Selective Acknowledgement \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190), \u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c (CWE-680)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 TCP SACK (TCP Selective Acknowledgement, \u0432\u044b\u0431\u043e\u0440\u043e\u0447\u043d\u043e\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 TCP) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 SACK-\u043f\u0430\u043a\u0435\u0442\u043e\u0432",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html\nhttp://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html\nhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en\nhttp://www.openwall.com/lists/oss-security/2019/06/20/3\nhttp://www.openwall.com/lists/oss-security/2019/06/28/2\nhttp://www.openwall.com/lists/oss-security/2019/07/06/3\nhttp://www.openwall.com/lists/oss-security/2019/07/06/4\nhttp://www.openwall.com/lists/oss-security/2019/10/24/1\nhttp://www.openwall.com/lists/oss-security/2019/10/29/3\nhttp://www.vmware.com/security/advisories/VMSA-2019-0010.html\nhttps://access.redhat.com/errata/RHSA-2019:1594\nhttps://access.redhat.com/errata/RHSA-2019:1602\nhttps://access.redhat.com/errata/RHSA-2019:1699\nhttps://access.redhat.com/security/vulnerabilities/tcpsack\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477\nhttps://cve.omprussia.ru/bb6323\nhttps://exchange.xforce.ibmcloud.com/vulnerabilities/162662\nhttps://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff\nhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md\nhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.127\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.52\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.182\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.182\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.11\nhttps://launchpad.net/bugs/1831637\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11477\nhttps://patchwork.ozlabs.org/patch/1117155/\nhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006\nhttps://security.netapp.com/advisory/ntap-20190625-0001/\nhttps://support.f5.com/csp/article/K78234183\nhttps://ubuntu.com/security/notices/USN-4017-1\nhttps://ubuntu.com/security/notices/USN-4017-2\nhttps://usn.ubuntu.com/usn/usn-4017-1\nhttps://usn.ubuntu.com/usn/usn-4017-2\nhttps://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic\nhttps://www.cve.org/CVERecord?id=CVE-2019-11477\nhttps://www.kb.cert.org/vuls/id/905115\nhttps://www.opennet.ru/openforum/vsluhforumID3/117645.html\nhttps://www.oracle.com/security-alerts/cpujan2020.html\nhttps://www.oracle.com/security-alerts/cpuoct2020.html\nhttps://www.synology.com/security/advisory/Synology_SA_19_28\nhttps://www.us-cert.gov/ics/advisories/icsa-19-253-03",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190, CWE-680",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2019-11477 (GCVE-0-2019-11477)

Vulnerability from cvelistv5 – Published: 2019-06-18 23:34 – Updated: 2024-09-17 02:21

Title

Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs

Summary

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

canonical

References

URL

Tags

	https://www.kb.cert.org/vuls/id/905115	third-party-advisoryx_refsource_CERT-VN
	http://www.openwall.com/lists/oss-security/2019/06/20/3	mailing-listx_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:1594	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1602	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2019/06/28/2	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/07/06/3	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/07/06/4	mailing-listx_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:1699	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2019/10/24/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/10/29/3	mailing-listx_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/d…	x_refsource_MISC
	https://github.com/Netflix/security-bulletins/blo…	x_refsource_MISC
	https://wiki.ubuntu.com/SecurityTeam/KnowledgeBas…	x_refsource_MISC
	https://access.redhat.com/security/vulnerabilitie…	x_refsource_MISC
	https://support.f5.com/csp/article/K78234183	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/153346/Kerne…	x_refsource_MISC
	https://kb.pulsesecure.net/articles/Pulse_Securit…	x_refsource_CONFIRM
	https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2019062…	x_refsource_CONFIRM
	https://psirt.global.sonicwall.com/vuln-detail/SN…	x_refsource_CONFIRM
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	https://www.us-cert.gov/ics/advisories/icsa-19-253-03	x_refsource_MISC
	http://packetstormsecurity.com/files/154951/Kerne…	x_refsource_MISC
	http://www.huawei.com/en/psirt/security-advisorie…	x_refsource_CONFIRM
	http://www.arubanetworks.com/assets/alert/ARUBA-P…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Linux	Linux kernel	Affected: 4.4 , < 4.4.182 (custom) Affected: 4.9 , < 4.9.182 (custom) Affected: 4.14 , < 4.14.127 (custom) Affected: 4.19 , < 4.19.52 (custom) Affected: 5.1 , < 5.1.11 (custom)

Date Public ?

2019-06-17 00:00

Credits

Jonathan Looney from Netflix

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#905115",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/905115"
          },
          {
            "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
          },
          {
            "name": "RHSA-2019:1594",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1594"
          },
          {
            "name": "RHSA-2019:1602",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1602"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "name": "RHSA-2019:1699",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1699"
          },
          {
            "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
          },
          {
            "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K78234183"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.4.182",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            },
            {
              "lessThan": "4.9.182",
              "status": "affected",
              "version": "4.9",
              "versionType": "custom"
            },
            {
              "lessThan": "4.14.127",
              "status": "affected",
              "version": "4.14",
              "versionType": "custom"
            },
            {
              "lessThan": "4.19.52",
              "status": "affected",
              "version": "4.19",
              "versionType": "custom"
            },
            {
              "lessThan": "5.1.11",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jonathan Looney from Netflix"
        }
      ],
      "datePublic": "2019-06-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:56.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "VU#905115",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/905115"
        },
        {
          "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
        },
        {
          "name": "RHSA-2019:1594",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1594"
        },
        {
          "name": "RHSA-2019:1602",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1602"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
        },
        {
          "name": "RHSA-2019:1699",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1699"
        },
        {
          "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
        },
        {
          "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K78234183"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/4017-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs",
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "SACK Panic",
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2019-06-17T00:00:00.000Z",
          "ID": "CVE-2019-11477",
          "STATE": "PUBLIC",
          "TITLE": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.4",
                            "version_value": "4.4.182"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.9",
                            "version_value": "4.9.182"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.14",
                            "version_value": "4.14.127"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.19",
                            "version_value": "4.19.52"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.1",
                            "version_value": "5.1.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Jonathan Looney from Netflix"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-190 Integer Overflow or Wraparound"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#905115",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/905115"
            },
            {
              "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
            },
            {
              "name": "RHSA-2019:1594",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1594"
            },
            {
              "name": "RHSA-2019:1602",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1602"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "name": "RHSA-2019:1699",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1699"
            },
            {
              "name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
            },
            {
              "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
            },
            {
              "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md",
              "refsource": "MISC",
              "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
            },
            {
              "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic",
              "refsource": "MISC",
              "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/tcpsack",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
            },
            {
              "name": "https://support.f5.com/csp/article/K78234183",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K78234183"
            },
            {
              "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
            },
            {
              "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193",
              "refsource": "CONFIRM",
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_28",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190625-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
            },
            {
              "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
            }
          ]
        },
        "source": {
          "advisory": "https://usn.ubuntu.com/4017-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637"
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2019-11477",
    "datePublished": "2019-06-18T23:34:51.026Z",
    "dateReserved": "2019-04-23T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:21:15.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-02194

CVE-2019-11477 (GCVE-0-2019-11477)

Tags

Sightings

Nomenclature