Jonathan Looney discovered that the TCP_SKB_CB(skb)-...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Mar 7, 2024
Description
Published by the National Vulnerability Database
Jun 19, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Mar 7, 2024
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
References