CVE-2019-18805

Description

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

CVSS Metrics

• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
• v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.57%• Percentile: 69%

Techniques & Countermeasures

• CWE-190•Integer Overflow or Wraparound

  The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Affected Systems

• broadcom•fabric_operating_system

  na

• linux•linux_kernel

  ≥ 4.4, < 4.4.180 | ≥ 4.9, < 4.9.172 | ≥ 4.14, < 4.14.115 | ≥ 4.19, < 4.19.38 | ≥ 5.0, < 5.0.11 | 5.1:rc1 | 5.1:rc2 | 5.1:rc3 | 5.1:rc4 | 5.1:rc5 | 5.1:rc6 | 5.1:rc7

• netapp•active_iq_unified_manager

  na

• netapp•aff_a400_firmware

  na

• netapp•aff_a700s

  na

• netapp•data_availability_services

  na

• netapp•e-series_santricity_os_controller

  ≥ 11.0.0, ≤ 11.60.3

• netapp•fas8300_firmware

  na

• netapp•fas8700_firmware

  na

• netapp•h610s_firmware

  na

• netapp•hci_compute_node_firmware

  na

• netapp•hci_management_node

  na

• netapp•hci_storage_node

  na

• netapp•solidfire

  na

• netapp•steelstore_cloud_integrated_storage

  na

• opensuse•leap

  15.0 | 15.1

• redhat•enterprise_linux

  7.0

References (6)

• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html
• https://security.netapp.com/advisory/ntap-20191205-0001/
• https://access.redhat.com/errata/RHSA-2020:0740