The new Linux kernel security updates patch an integer overflow flaw (CVE-2019-11477) discovered by Jonathan Looney in Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments, which could allow a remote attacker to cause a so-called SACK Panic attack (denial of service) by sending malicious sequences of SACK segments on a TCP connection that has a small TCP MSS value. Furthermore, the Linux kernel security update also fixes two other similar issues (CVE-2019-11478 and CVE-2019-11479), both discovered by Jonathan Looney in Linux kernel’s TCP retransmission queue implementation, which could allow a remote attacker to cause a denial of service that may lead to excessive resource consumption and a system crash.
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis