Описание
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
A flaw was reported in the Linux kernel's TCP subsystem while calculating a packet round trip time, when a sysctl parameter (/proc/sys/net/ipv4/tcp_min_rtt_wlen) is set incorrectly. This causes an integer overflow which can lead to a denial Of service (DOS) attack.
Меры по смягчению последствий
This flaw can be mitigated by setting the sysctl parameter (/proc/sys/net/ipv4/tcp_min_rtt_wlen) with 300 which means the packet time will not exceed more then 5 minutes and which should not cause an integer overflow.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2020:0740 | 09.03.2020 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2020:1567 | 28.04.2020 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2020:1769 | 28.04.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux ker ...
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
Уязвимость функции dwc3_pci_probe() (drivers/usb/dwc3/dwc3-pci.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.3 High
CVSS3