CVE-2019-18805

CRITICAL EPSS 87.5%
Published Nov 7, 20196y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Nov 7, 2019 6y ago
Last Modified Jun 17, 2026 2w ago

Description

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
87.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 34

VendorProductVersionRange
linuxlinux_kernel*≥4.4  –  <4.4.180
linuxlinux_kernel*≥4.9  –  <4.9.172
linuxlinux_kernel*≥4.14  –  <4.14.115
linuxlinux_kernel*≥4.19  –  <4.19.38
linuxlinux_kernel*≥5.0  –  <5.0.11
linuxlinux_kernel5.1any
linuxlinux_kernel5.1any
linuxlinux_kernel5.1any
linuxlinux_kernel5.1any
linuxlinux_kernel5.1any
linuxlinux_kernel5.1any
linuxlinux_kernel5.1any
opensuseleap15.0any
opensuseleap15.1any
redhatenterprise_linux7.0any
netappactive_iq_unified_manager*any
netappdata_availability_services*any
netappe-series_santricity_os_controller*≥11.0.0  –  ≤11.60.3
netapphci_management_node*any
netappsolidfire*any
netappsteelstore_cloud_integrated_storage*any
netapphci_compute_node*any
netapphci_storage_node*any
broadcomfabric_operating_system*any
netappaff_a700s_firmware*any
netappaff_a700s*any
netappfas8300_firmware*any
netappfas8300*any
netappfas8700_firmware*any
netappfas8700*any
netappaff_a400_firmware*any
netappaff_a400*any
netapph610s_firmware*any
netapph610s*any

References 6

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html
    Mailing ListThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html
    Mailing ListThird Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2020:0740
    Third Party Advisory
  • cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11
    Mailing ListPatchVendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78
    Mailing ListPatchVendor Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20191205-0001/
    Third Party Advisory

Remediation

  • cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11
    Mailing ListPatchVendor Advisory
  • git.kernel.org https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78
    Mailing ListPatchVendor Advisory