SUSE addresses the "SACK Panic" TCP remote denial of service attacks | SUSE Communities

SUSE addresses the “SACK Panic” TCP remote denial of service attacks


Security researchers from Netflix have identified three new remote denial of service attacks against the Linux TCP stack.
These can be all exploited remotely as soon as a TCP port is open to the public in default settings.

There are three distinct issues:

  • CVE-2019-11477: Also known as “SACK Panic”. A integer overflow when SACK processing of small TCP fragments can be used by remote attackers to crash the kernel.
  • CVE-2019-11478: By sending SACK segments in crafted order remote attackers could fragment the SACK queue and cause increased use of memory, potentially running the system out of memory, and higher CPU load.
  • CVE-2019-11479: A remote attacker could force heavy fragmentation of TCP segments, which could cause a higher amount of bandwith being used and also higher CPU load on the attacked system.

All SUSE Linux versions are affected by these problems.

SUSE has released security updates for all maintained distributions.

If you cannot install these updates right away, there are workarounds for the system or via firewalls, these are documented on our TID.

TID Link: TID 7023928

CVE links:

(Visited 1 times, 1 visits today)


  • Guy Chapman says:

    When are we expecting kernel patches to be released?

  • Guy Chapman says:

    Hi – the text in this article says “SUSE has released security updates for all maintained distributions.” – However on clicking through to the TID, it just gives workarounds….. Have kernel pacthes been released?

    • Marcus Meissner says:

      Kernel updates have been released for all distributions, click on the CVE links to get the versions and releases.

  • Leave a Reply

    Your email address will not be published.