CVE-2019-18805

Published Nov 7, 2019
Last updated 3 years ago
CVSS critical 9.8
Overview

Description: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-190
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49884052-E8FD-49E4-A9F3-D0964EB0AC31",
            "versionEndExcluding": "4.4.180",
            "versionStartIncluding": "4.4"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF6AB36D-D9AC-4381-88AF-CC4FDA5EC98E",
            "versionEndExcluding": "4.9.172",
            "versionStartIncluding": "4.9"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3562ABD-4F11-4BD1-9BBD-417B7BC9BCF3",
            "versionEndExcluding": "4.14.115",
            "versionStartIncluding": "4.14"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48FBE002-61C1-4569-B850-E15BD2DBA143",
            "versionEndExcluding": "4.19.38",
            "versionStartIncluding": "4.19"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C23FEFDF-76B5-46C0-9481-CE70EBDB7BFE",
            "versionEndExcluding": "5.0.11",
            "versionStartIncluding": "5.0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2258D313-BAF7-482D-98E0-79F2A448287B"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1578A37C-C7CC-4B36-8668-6A1AED63B0A8"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49BD6839-AB64-48DA-9D1D-18B4508AF652"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1E5129A-F85C-432A-988D-6C3ED03EC04D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0669A9F1-3BFF-4E5A-BEF7-9F2A627CEF03"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CC18FCC-3F69-4A7E-9F29-4C4504E83B4D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.1:rc7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12A5D914-5CEB-4D3F-A903-6F1FAD82A125"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
            "versionEndIncluding": "11.60.3",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"
          },
          {
            "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"
          },
          {
            "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
          },
          {
            "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B"
          },
          {
            "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521"
          },
          {
            "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89706810-031B-49F0-B353-FD27FD7B2776"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDD1E822-1EA6-4E62-A58B-2378149D20DC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F3E70A56-DBA8-45C7-8C49-1A036501156F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
