CVE-2019-18805 : An issue was discovered in net/ipv4/sysctl_net

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

Published 2019-11-07 14:15:11

Updated 2021-06-22 14:47:56

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2019-18805

Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.9 and before (<) 4.9.172
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.0 and before (<) 5.0.11
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.14 and before (<) 4.14.115
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.19 and before (<) 4.19.38
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.4 and before (<) 4.4.180
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.1 Update RC1
cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.1 Update RC2
cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.1 Update RC3
cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.1 Update RC4
cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.1 Update RC5
cpe:2.3:o:linux:linux_kernel:5.1:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.1 Update RC6
cpe:2.3:o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.1 Update RC7
cpe:2.3:o:linux:linux_kernel:5.1:rc7:*:*:*:*:*:*
Matching versions
Broadcom » Fabric Operating System » Version: N/A
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Netapp » Steelstore Cloud Integrated Storage » Version: N/A
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 11.0.0 and up to, including, (<=) 11.60.3
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Management Node » Version: N/A
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire » Version: N/A
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Storage Node » Version: N/A
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Compute Node » Version: N/A
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Data Availability Services » Version: N/A
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
Matching versions
Netapp » Aff A700s Firmware » Version: N/A
cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff A700s » Version: N/A
Netapp » Fas8300 Firmware » Version: N/A
cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas8300 » Version: N/A
Netapp » Fas8700 Firmware » Version: N/A
cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas8700 » Version: N/A
Netapp » Aff A400 Firmware » Version: N/A
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff A400 » Version: N/A
Netapp » H610s Firmware » Version: N/A
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H610s » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-18805

EPSS FAQ

0.57%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-18805

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-18805

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-18805

https://access.redhat.com/errata/RHSA-2020:0740

RHSA-2020:0740 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html

[security-announce] openSUSE-SU-2019:2507-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78

kernel/git/torvalds/linux.git - Linux kernel source tree
Mailing List;Patch;Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html

[security-announce] openSUSE-SU-2019:2503-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20191205-0001/

November 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11

Mailing List;Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-18805

Products affected by CVE-2019-18805

Exploit prediction scoring system (EPSS) score for CVE-2019-18805

CVSS scores for CVE-2019-18805

CWE ids for CVE-2019-18805

References for CVE-2019-18805