Wind River Support Network


OVP8-494 : Security Advisory - Linux - CVE-2019-11479

Created: Jun 19, 2019    Updated: Nov 21, 2019
Resolved Date: Jul 16, 2019
Previous ID: LIN8-11056
Found In Version:
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Kernel


An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size (MSS) of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increases the Linux kernel's resource (CPU, Memory, and Bandwidth) utilization. A remote attacker could use this flaw to cause a denial of service (DoS) by repeatedly sending network traffic on a TCP connection with low TCP MSS.

CREATE(Triage): {Link= User=mhatle}
Live chat