CVE-2019-18805

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc7:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

History

22 Jun 2021, 14:47

Type Values Removed Values Added
CPE cpe:2.3:o:netapp:brocade_fabric_os:-:*:*:*:*:*:*:* cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*

02 Jun 2021, 15:29

Type Values Removed Values Added
CPE cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc5:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*
cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc7:*:*:*:*:*:*
cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:brocade_fabric_os:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0740 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0740 - Third Party Advisory
References (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 - Mailing List, Vendor Advisory (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 - Mailing List, Patch, Vendor Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20191205-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20191205-0001/ - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html - Mailing List, Third Party Advisory

Information

Published : 2019-11-07 14:15

Updated : 2023-12-10 13:13


NVD link : CVE-2019-18805

Mitre link : CVE-2019-18805

CVE.ORG link : CVE-2019-18805


JSON object : View

Products Affected

netapp

  • solidfire
  • hci_storage_node
  • data_availability_services
  • steelstore_cloud_integrated_storage
  • aff_a700s
  • h610s_firmware
  • hci_compute_node
  • e-series_santricity_os_controller
  • fas8300_firmware
  • fas8700
  • active_iq_unified_manager
  • hci_management_node
  • fas8700_firmware
  • aff_a700s_firmware
  • fas8300
  • h610s
  • aff_a400
  • aff_a400_firmware

redhat

  • enterprise_linux

opensuse

  • leap

broadcom

  • fabric_operating_system

linux

  • linux_kernel
CWE
CWE-190

Integer Overflow or Wraparound