Four CVEs Describe SACKs of Linux and FreeBSD Vulnerabilities

Four new CVEs present issues that have a potential DoS impact on almost every Linux user.

Dark Reading Staff, Dark Reading

June 22, 2019

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Linux and FreeBSD users have a SACK of new vulnerabilities to worry about, as four new CVEs describe selective acknowledgement (SACK) and excess resource consumption vulnerabilities that can bring a system to a standstill from a denial of service attack.

Three of the CVEs — CVE-2019-11477, CVE-2019-11478, and CVE-2019-5599 — deal with a variety of different SACKs that can hit various Linux distributions and FreeBSD 12 using the RACK TCP Stack. In each case, a carefully crafted selective acknowledgement can trigger an issue that could lead to slowed performance, denial of service, or a kernel panic.

The fourth CVE, CVE-2019-11479, describes a vulnerability stemming from a hard-coded maximum segment size (MSS) that can result in a higher number of fragmented packets than normal. This issue for all Linux versions could be exploited to cause increased resource consumption in the CPU and network controller, with system slowdown or denial of service as the result.

Because of the nature of the Linux and FreeBSD communities, vendors and open-source projects are in various stages of releasing patches for these vulnerabilities. Users should contact their system provider to see whether a patch is already available for the distribution in use.

For more, read here and here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights