CVE Vulnerabilities

CVE-2019-11479

Asymmetric Resource Consumption (Amplification)

Published: Jun 19, 2019 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.3 MODERATE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Weakness

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary’s influence is “asymmetric.”

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 4.4 (including) 4.4.182 (excluding)
Linux_kernel Linux 4.9 (including) 4.9.182 (excluding)
Linux_kernel Linux 4.14 (including) 4.14.127 (excluding)
Linux_kernel Linux 4.19 (including) 4.19.52 (excluding)
Linux_kernel Linux 5.1 (including) 5.1.11 (excluding)
Red Hat Enterprise Linux 6 RedHat kernel-0:2.6.32-754.15.3.el6 *
Red Hat Enterprise Linux 6.5 Advanced Update Support RedHat kernel-0:2.6.32-431.95.3.el6 *
Red Hat Enterprise Linux 6.6 Advanced Update Support RedHat kernel-0:2.6.32-504.79.3.el6 *
Red Hat Enterprise Linux 7 RedHat kernel-rt-0:3.10.0-957.21.3.rt56.935.el7 *
Red Hat Enterprise Linux 7 RedHat kernel-0:3.10.0-957.21.3.el7 *
Red Hat Enterprise Linux 7 RedHat kernel-alt-0:4.14.0-115.8.2.el7a *
Red Hat Enterprise Linux 7.2 Advanced Update Support RedHat kernel-0:3.10.0-327.79.2.el7 *
Red Hat Enterprise Linux 7.2 Telco Extended Update Support RedHat kernel-0:3.10.0-327.79.2.el7 *
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions RedHat kernel-0:3.10.0-327.79.2.el7 *
Red Hat Enterprise Linux 7.3 Advanced Update Support RedHat kernel-0:3.10.0-514.66.2.el7 *
Red Hat Enterprise Linux 7.3 Telco Extended Update Support RedHat kernel-0:3.10.0-514.66.2.el7 *
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions RedHat kernel-0:3.10.0-514.66.2.el7 *
Red Hat Enterprise Linux 7.4 Extended Update Support RedHat kernel-0:3.10.0-693.50.3.el7 *
Red Hat Enterprise Linux 7.5 Extended Update Support RedHat kernel-0:3.10.0-862.34.2.el7 *
Red Hat Enterprise Linux 8 RedHat kernel-rt-0:4.18.0-80.4.2.rt9.152.el8_0 *
Red Hat Enterprise Linux 8 RedHat kernel-0:4.18.0-80.4.2.el8_0 *
Red Hat Enterprise MRG 2 RedHat kernel-rt-1:3.10.0-693.50.3.rt56.644.el6rt *
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS RedHat redhat-release-virtualization-host-0:4.2-11.1.el7 *
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS RedHat redhat-virtualization-host-0:4.2-20190618.0.el7_6 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat redhat-release-virtualization-host-0:4.3.4-1.el7ev *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 RedHat redhat-virtualization-host-0:4.3.4-20190620.3.el7_6 *
Linux Ubuntu bionic *
Linux Ubuntu cosmic *
Linux Ubuntu disco *
Linux Ubuntu esm-infra-legacy/trusty *
Linux Ubuntu precise/esm *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu upstream *
Linux Ubuntu xenial *
Linux-aws Ubuntu bionic *
Linux-aws Ubuntu cosmic *
Linux-aws Ubuntu disco *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu upstream *
Linux-aws Ubuntu xenial *
Linux-aws-5.15 Ubuntu upstream *
Linux-aws-5.4 Ubuntu upstream *
Linux-aws-6.8 Ubuntu upstream *
Linux-aws-fips Ubuntu trusty *
Linux-aws-fips Ubuntu upstream *
Linux-aws-fips Ubuntu xenial *
Linux-aws-hwe Ubuntu upstream *
Linux-aws-hwe Ubuntu xenial *
Linux-azure Ubuntu bionic *
Linux-azure Ubuntu cosmic *
Linux-azure Ubuntu disco *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu upstream *
Linux-azure Ubuntu xenial *
Linux-azure-4.15 Ubuntu upstream *
Linux-azure-5.15 Ubuntu upstream *
Linux-azure-5.4 Ubuntu upstream *
Linux-azure-6.8 Ubuntu upstream *
Linux-azure-edge Ubuntu bionic *
Linux-azure-edge Ubuntu upstream *
Linux-azure-fde Ubuntu focal *
Linux-azure-fde Ubuntu upstream *
Linux-azure-fde-5.15 Ubuntu upstream *
Linux-azure-fips Ubuntu trusty *
Linux-azure-fips Ubuntu upstream *
Linux-azure-fips Ubuntu xenial *
Linux-bluefield Ubuntu upstream *
Linux-euclid Ubuntu upstream *
Linux-euclid Ubuntu xenial *
Linux-fips Ubuntu fips-updates/xenial *
Linux-fips Ubuntu fips/xenial *
Linux-fips Ubuntu upstream *
Linux-flo Ubuntu upstream *
Linux-flo Ubuntu xenial *
Linux-gcp Ubuntu bionic *
Linux-gcp Ubuntu cosmic *
Linux-gcp Ubuntu disco *
Linux-gcp Ubuntu upstream *
Linux-gcp Ubuntu xenial *
Linux-gcp-4.15 Ubuntu upstream *
Linux-gcp-5.15 Ubuntu upstream *
Linux-gcp-5.4 Ubuntu upstream *
Linux-gcp-6.8 Ubuntu upstream *
Linux-gcp-edge Ubuntu bionic *
Linux-gcp-edge Ubuntu upstream *
Linux-gcp-fips Ubuntu trusty *
Linux-gcp-fips Ubuntu upstream *
Linux-gcp-fips Ubuntu xenial *
Linux-gke Ubuntu focal *
Linux-gke Ubuntu upstream *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu upstream *
Linux-gkeop Ubuntu upstream *
Linux-gkeop-5.15 Ubuntu upstream *
Linux-goldfish Ubuntu upstream *
Linux-goldfish Ubuntu xenial *
Linux-hwe Ubuntu bionic *
Linux-hwe Ubuntu upstream *
Linux-hwe Ubuntu xenial *
Linux-hwe-5.15 Ubuntu upstream *
Linux-hwe-5.4 Ubuntu upstream *
Linux-hwe-6.8 Ubuntu upstream *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu esm-infra/bionic *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-ibm Ubuntu upstream *
Linux-ibm-5.15 Ubuntu upstream *
Linux-ibm-5.4 Ubuntu upstream *
Linux-intel Ubuntu upstream *
Linux-intel-iot-realtime Ubuntu upstream *
Linux-intel-iotg Ubuntu upstream *
Linux-intel-iotg-5.15 Ubuntu upstream *
Linux-iot Ubuntu upstream *
Linux-kvm Ubuntu bionic *
Linux-kvm Ubuntu cosmic *
Linux-kvm Ubuntu disco *
Linux-kvm Ubuntu upstream *
Linux-kvm Ubuntu xenial *
Linux-lowlatency Ubuntu upstream *
Linux-lowlatency-hwe-5.15 Ubuntu upstream *
Linux-lowlatency-hwe-6.8 Ubuntu upstream *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu upstream *
Linux-mako Ubuntu upstream *
Linux-mako Ubuntu xenial *
Linux-nvidia Ubuntu upstream *
Linux-nvidia-6.5 Ubuntu upstream *
Linux-nvidia-6.8 Ubuntu upstream *
Linux-nvidia-lowlatency Ubuntu upstream *
Linux-oem Ubuntu bionic *
Linux-oem Ubuntu cosmic *
Linux-oem Ubuntu disco *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-oem-6.11 Ubuntu upstream *
Linux-oem-6.8 Ubuntu upstream *
Linux-oracle Ubuntu bionic *
Linux-oracle Ubuntu cosmic *
Linux-oracle Ubuntu disco *
Linux-oracle Ubuntu upstream *
Linux-oracle Ubuntu xenial *
Linux-oracle-5.15 Ubuntu upstream *
Linux-oracle-5.4 Ubuntu upstream *
Linux-oracle-6.8 Ubuntu upstream *
Linux-raspi Ubuntu upstream *
Linux-raspi-5.4 Ubuntu upstream *
Linux-raspi-realtime Ubuntu upstream *
Linux-raspi2 Ubuntu bionic *
Linux-raspi2 Ubuntu cosmic *
Linux-raspi2 Ubuntu disco *
Linux-raspi2 Ubuntu focal *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu xenial *
Linux-realtime Ubuntu jammy *
Linux-realtime Ubuntu upstream *
Linux-riscv Ubuntu focal *
Linux-riscv Ubuntu jammy *
Linux-riscv Ubuntu upstream *
Linux-riscv-5.15 Ubuntu upstream *
Linux-riscv-6.8 Ubuntu upstream *
Linux-snapdragon Ubuntu bionic *
Linux-snapdragon Ubuntu disco *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *
Linux-xilinx-zynqmp Ubuntu upstream *

Potential Mitigations

References