search

hshivhare67 / Kernel_4.1.15_CVE-2020-25668

Other
0 stars 0 forks source link

CVE-2019-11477 (High) detected in linuxlinux-4.1.18, linux-stable-rtv4.1 #948

Open mend-bolt-for-github[bot] opened 11 months ago

mend-bolt-for-github[bot] commented 11 months ago

CVE-2019-11477 - High Severity Vulnerability

Vulnerable Libraries - linuxlinux-4.1.18, linux-stable-rtv4.1

Vulnerability Details

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Publish Date: 2019-06-19

URL: CVE-2019-11477

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477

Release Date: 2020-10-20

Fix Resolution: v5.2-rc6

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] commented 7 months ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.