SACK Panic (CVE-2019-11477)
asked 2019-06-19 00:38:34 +0200
This post is a wiki. Anyone with karma >75 is welcome to improve it.
There are several TCP networking vulnerabilities in the Linux kernels known as SACK Panic. (CVE-2019-11477) More about the publishing from Netflix [1]
Xperia XA2
Jolla C
Jolla
have SACK active (easy to check via /proc/sys/net/ipv4/tcp_sack).
Will there be a Kernel fix for the issue?
[1] https://www.openwall.com/lists/oss-security/2019/06/17/5