CVE-2019-18805
CRITICAL EPSS 87.5%
Published Nov 7, 20196y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Published Nov 7, 2019 6y ago
Last Modified Jun 17, 2026 2w ago
Description
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
87.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-190 Integer Overflow or Wraparound Numeric Error
Affected Products 34
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥4.4 – <4.4.180 |
| linux | linux_kernel | * | ≥4.9 – <4.9.172 |
| linux | linux_kernel | * | ≥4.14 – <4.14.115 |
| linux | linux_kernel | * | ≥4.19 – <4.19.38 |
| linux | linux_kernel | * | ≥5.0 – <5.0.11 |
| linux | linux_kernel | 5.1 | any |
| linux | linux_kernel | 5.1 | any |
| linux | linux_kernel | 5.1 | any |
| linux | linux_kernel | 5.1 | any |
| linux | linux_kernel | 5.1 | any |
| linux | linux_kernel | 5.1 | any |
| linux | linux_kernel | 5.1 | any |
| opensuse | leap | 15.0 | any |
| opensuse | leap | 15.1 | any |
| redhat | enterprise_linux | 7.0 | any |
| netapp | active_iq_unified_manager | * | any |
| netapp | data_availability_services | * | any |
| netapp | e-series_santricity_os_controller | * | ≥11.0.0 – ≤11.60.3 |
| netapp | hci_management_node | * | any |
| netapp | solidfire | * | any |
| netapp | steelstore_cloud_integrated_storage | * | any |
| netapp | hci_compute_node | * | any |
| netapp | hci_storage_node | * | any |
| broadcom | fabric_operating_system | * | any |
| netapp | aff_a700s_firmware | * | any |
| netapp | aff_a700s | * | any |
| netapp | fas8300_firmware | * | any |
| netapp | fas8300 | * | any |
| netapp | fas8700_firmware | * | any |
| netapp | fas8700 | * | any |
| netapp | aff_a400_firmware | * | any |
| netapp | aff_a400 | * | any |
| netapp | h610s_firmware | * | any |
| netapp | h610s | * | any |
References 6
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html
- access.redhat.com https://access.redhat.com/errata/RHSA-2020:0740
- cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11
- git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78
- security.netapp.com https://security.netapp.com/advisory/ntap-20191205-0001/
Remediation
- cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11
- git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78