Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Huawei Data Communication: Integer Overflow Vulnerability in the Linux Kernel (SACK Panic) (huawei-sa-20191204-01-kernel)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs).
Insight
Insight
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (Vulnerability ID: HWPSIRT-2019-06130)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-11477.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.
Affected Software
Affected Software
AC6605 versions V200R009C00 V200R010C00 B525s-23a versions Versions earlier than TCPU-V800R001B191D27SP00C00 Versions earlier than TCPU-V800R001B191D27SP00C00 Versions earlier than TCPU-V800R001B191D27SP00C00 Versions earlier than TCPU-V800R001B191D27SP00C00 Florida-L21 versions Versions earlier than 9.1.0.115(C432E5R1P1T8) Versions earlier than 9.1.0.120(C185E5R1P4T8) Florida-L22 versions Versions earlier than 9.1.0.120(C636E5R1P1T8) Florida-L23 versions Versions earlier than 9.1.0.121(C605E5R1P1T8) FusionSphere OpenStack versions V100R006C00RC1 V100R006C00U1 V100R006C10 V100R006C10RC1B060 V100R006C10SPC002B010 V100R006C10SPC110 V100R006C10SPC200B030 V100R006C10SPC500 V100R006C10SPC600 HUAWEI 4G Router 2 versions Versions earlier than 10.0.1.1(H187SP15C00) Honor 8A versions Versions earlier than 9.1.0.234(C636E4R3P1) Versions earlier than 9.1.0.234(C636E4R4P1) Versions earlier than 9.1.0.234(C636E4R4P1) Versions earlier than 9.1.0.234(C636E4R4P1) Leland-AL10B versions Versions earlier than 9.1.0.113(C00E111R2P10T8) Leland-L21A versions Versions earlier than 9.1.0.118(C185E4R1P4T8) Leland-L22C versions Versions earlier than 9.1.0.118(C636E4R1P1T8) Leland-L31A versions Versions earlier than 9.1.0.121(C432E4R1P3T8) OceanStor 5300 V3 versions V300R006C50SPC100 V300R006C60 OceanStor 5500 V3 versions V300R006C50SPC100 V300R006C60 OceanStor 5600 V3 versions V300R006C50SPC100 V300R006C60 OceanStor 5800 V3 versions V300R006C50SPC100 V300R006C60 OceanStor 6800 V3 versions V300R006C50SPC100 V300R006C60 OceanStor 9000 versions V300R006C00SPC001 V300R006C10 iManager NetEco 6000 versions V600R008C00 V600R008C10SPC300 V600R008C20
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
See the referenced vendor advisory for a solution.