The flaws, related to how the kernel handles TCP Selective Acknowledgement (SACK) packets with a low minimum segment size (MSS), could impact many devices, including servers, Android smartphones and embedded devices.
Exploitation involves sending specially crafted packets to the targeted device and some believe the flaws could have significant and widespread impact.
A total of three security holes have been identified. The most serious of them, dubbed SACK Panic and tracked as CVE-2019-11477, impacts Linux kernel versions starting with 2.6.29, which was released in 2009.
Another flaw, tracked as CVE-2019-11478 and dubbed SACK Slowness, impacts all versions of the Linux kernel prior to 4.15.
Leave a reply