Four recent vulnerabilities have been uncovered by the one and only Netflix researchers within the FreeBSD and Linux kernels which may result in denial of service. Exploitation of these vulnerabilities would produce an interruption of TCP connections resulting in the streaming content to flow to the vulnerable Linux-based machines. Malicious attackers could disable connections to these vulnerable Linux-Powered machines causing the denial of service.
Furthermore, three of the related flaws were found in the Linux kernel’s handling of the TCP networking. The first two are found in the ‘Selective Acknowledgement’ (SACK) packets combined with the ‘Maximum Segment Size Parameter’ and lastly, the third within the ‘Maximum Segment Size’ parameter according to an advisory issued on the 17th of June 2019.
The most severe out of the four vulnerabilities found is CVE-2019-11477 also known as ‘SACK Panic’. This vulnerability specifically impacts Linux kernels 2.6.29 versions and above. This vulnerability could allow remote attackers to trigger a kernel panic in the Linux system which results in the systems availability.
The CVE numbers are as follows: