Trending CVEs for the Week of June 17th, 2019

CVE-2019-11477 – SACK Panic

The remote command execution flaw in Exim is still trending on social media, and we covered CVE-2019-10149 extensively in the June 10th blog post. This week we will talk about CVE-2019-11477, which is the runner-up on the list. This vulnerability was discovered by Jonathan Looney, an engineering manager at Netflix.

Description

CVE-2019-11477, known as “SACK Panic”, is a flaw in the Linux kernel’s handling of TCP Selective Acknowledgement (SACK).

Affected Platforms

Red Hat Enterprise Linux 6, 6.5, 6.6, 7, 7.2, 7.3, 7.4, 7.5 and 8; the kernel and kernel-rt packages.

You can find the full list here.

Exploitation and Risk

Successful exploitation of this vulnerability will result in a denial of service (DoS) on affected systems.

Fixes

Netflix has provided patches and mitigations for CVE-2019-11477.

They can be found here.
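As an added example (not code from the original post or from Netflix), here is a read-only shell check for the two workarounds the Netflix advisory describes: disabling SACK with net.ipv4.tcp_sack=0, or dropping new TCP connections that advertise a tiny MSS with an iptables tcpmss rule. The sysctl path and the rule syntax are taken from that advisory; the script only reports and changes nothing.

```shell
#!/bin/sh
# Added example: report whether a SACK Panic (CVE-2019-11477) workaround is
# in effect. Inputs come from files so the checks can also be run against
# output captured from another host (/proc node and `iptables -S INPUT`).

# sack_setting [FILE] -> "disabled", "enabled" or "unknown".
# FILE defaults to the live sysctl node for net.ipv4.tcp_sack.
sack_setting() {
  f="${1:-/proc/sys/net/ipv4/tcp_sack}"
  [ -r "$f" ] || { echo unknown; return 0; }
  case "$(tr -d '[:space:]' < "$f")" in
    0) echo disabled ;;
    1) echo enabled ;;
    *) echo unknown ;;
  esac
}

# mss_drop_rule_present RULES_FILE -> "yes" or "no".
# RULES_FILE holds `iptables -S INPUT` output. A qualifying rule DROPs
# incoming TCP SYNs whose MSS falls in a range matched by the tcpmss module,
# e.g. "-A INPUT -p tcp -m tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP".
mss_drop_rule_present() {
  grep -E -- '-p tcp.*--tcp-flags [A-Z,]+ [A-Z,]*SYN[A-Z,]*.*-m tcpmss --mss [0-9]+:[0-9]+.*-j DROP' \
    "$1" >/dev/null 2>&1 && echo yes || echo no
}

# sack_panic_status [SACK_FILE] RULES_FILE -> one word for scripting:
#   mitigated   SACK is off, or an MSS drop rule is present
#   patch-only  SACK is on and no rule exists; protection depends on a fixed kernel
#   unknown     the SACK knob could not be read and no rule was found
sack_panic_status() {
  s=$(sack_setting "$1")
  r=$(mss_drop_rule_present "$2")
  if [ "$s" = disabled ] || [ "$r" = yes ]; then echo mitigated
  elif [ "$s" = enabled ]; then echo patch-only
  else echo unknown; fi
}

# Live check of this host: `sh sack_check.sh --live` (needs iptables to list rules).
if [ "${1:-}" = "--live" ]; then
  rules=$(mktemp)
  iptables -S INPUT > "$rules" 2>/dev/null || :
  printf 'tcp_sack=%s mss_drop_rule=%s status=%s\n' \
    "$(sack_setting)" "$(mss_drop_rule_present "$rules")" "$(sack_panic_status "" "$rules")"
  rm -f "$rules"
fi
```

A "patch-only" result is not a finding by itself; it means the host relies on the kernel fix rather than a workaround, so pair it with your package or kernel version inventory.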

References

National Vulnerability Database

Redhat

Netflix Github