Description
Linux Kernel TCP SACK Denial of Service Vulnerability
Executive Summary
Known vulnerabilities exist in the Linux kernel. These vulnerabilities are documented by the following CVEs: CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479.
The purpose of this advisory is to explain the various effects of these vulnerabilities and to provide links to more information.
- If you are running a Linux kernel in your Azure environment, you should contact the provider of that Linux kernel to understand their recommendation for protecting your installation. See below for a list of popular providers.
- If you are using Azure Sphere for an IoT product, please see https://azure.microsoft.com/en-us/updates/update-19-06-for-azure-sphere-public-preview-now-available-for-evaluation/
- If you are using Azure Kubernetes Service, please see https://github.com/Azure/AKS/issues/1065
- If you are using HDInsight, please see https://azure.microsoft.com/en-us/updates/security-advisory-on-linux-kernel-tcp-vulnerabilities-for-hdinsight-clusters/
FAQ
What is Azure Sphere?
Azure Sphere is a solution for creating highly secured, connected MCU-powered devices. It is currently in Preview. See https://azure.microsoft.com/en-us/services/azure-sphere/ for more information.
I'm running a non-Microsoft Linux distribution. Where can I find information about fixes for this vulnerability?
Microsoft recommends that you follow the guidance from your software provider. The tables below have links to some of the most widely used products using the Linux kernel.
Exploitability
Publicly Disclosed
Exploited
DOS