SACK Panic (CVE-2019-11477)

Tracked by Jolla (In release)

asked 2019-06-19 00:38:34 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2019-06-19 00:39:23 +0300

Nokius gravatar image

There are several TCP networking vulnerabilities in the Linux kernels known as SACK Panic. (CVE-2019-11477) More about the publishing from Netflix [1]

Xperia XA2
Jolla C
Jolla

have SACK active (easy to check via /proc/sys/net/ipv4/tcp_sack).

Will there be a Kernel fix for the issue?

[1] https://www.openwall.com/lists/oss-security/2019/06/17/5

edit retag flag offensive close delete