Multiple TCP Selective Acknowledgement (SACK) and Maximum Segment Size (MSS) networking vulnerabilities may cause denial-of-service conditions in Linux and FreeBSD kernels.
CVE-2019-11477: SACK Panic (Linux >= 2.6.29). A sequence of specifically crafted selective acknowledgements (SACK) may trigger an integer overflow, leading to a denial of service or possible kernel failure (panic).
CVE-2019-11478: SACK Slowness (Linux < 4.15) or Excess Resource Usage (all Linux versions). A sequence of specifically crafted selective acknowledgements (SACK) may cause a fragmented TCP queue, with a potential result in slowness or denial of service.
A remote attacker could cause a kernel crash (CVE-2019-11477) or excessive resource consumption leading to a delay or denial of service.
Several vendors have issued workarounds. See the vendor list below for details from specific vendors.
Jonathan Looney (Netflix Information Security)
This document was written by Laurie Tyzenhaus.