Trending CVEs for the Week of June 17th, 2019
CVE-2019-11477 – SACK Panic
The remote command execution flaw in Exim is still trending on social media, and we covered CVE-2019-10149 extensively in our June 10th blog post. This week, we will talk about CVE-2019-11477, which is the runner-up in the list. This vulnerability was discovered by Jonathan Looney, who is an engineering manager at Netflix.
CVE-2019-11477, known as “SACK Panic”, is a vulnerability in the Linux kernel’s TCP Selective Acknowledgement (SACK) capabilities.
Linux 6, 6.5, 6.6, 7, 7.2, 7.3, 7.4, 7.5, 8 platforms; kernel & kernel-rt packages.
You can find the full list here.
Exploitation and Risk
Successful exploitation of this vulnerability will result in a denial of service (DoS) on affected systems.
Netflix provided patches and mitigation for CVE-2019-11477
They can be found here.