Linux Kernel Denies Service

Posted by Peter Bassill on 11/07/2019

Four recent vulnerabilities have been uncovered by Netflix researchers in the FreeBSD and Linux kernels, which may result in denial of service. Exploitation of these vulnerabilities would interrupt TCP connections, and with them the flow of streaming content to the vulnerable Linux-based machines. Malicious attackers could disable connections to these vulnerable Linux-powered machines, causing the denial of service.
Three of the related flaws were found in the Linux kernel’s handling of TCP networking. The first two involve ‘Selective Acknowledgement’ (SACK) packets combined with the ‘Maximum Segment Size’ parameter, and the third lies in the ‘Maximum Segment Size’ parameter, according to an advisory issued on the 17th of June 2019.
The most severe of the four vulnerabilities is CVE-2019-11477, also known as ‘SACK Panic’. It impacts Linux kernel versions 2.6.29 and above. It could allow remote attackers to trigger a kernel panic in the Linux system, which results in the loss of availability of the system.
The CVE numbers are as follows:

  • CVE-2019-11477

  • CVE-2019-11478

  • CVE-2019-11479

  • CVE-2019-5599

