Jonathan Looney discovered that the TCP retransmission...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Mar 7, 2024
Description
Published by the National Vulnerability Database
Jun 19, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Mar 7, 2024
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
References