CVE-2019-11683 - udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remot

CVE-2019-11683

Summary

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:5.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.8:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.12:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 19-01-2023 - 16:12)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	108142
confirm	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.13 https://security.netapp.com/advisory/ntap-20190517-0002/ https://support.f5.com/csp/article/K69550896
fedora	FEDORA-2019-5b76e711b3
misc	https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37 https://www.spinics.net/lists/netdev/msg568315.html
mlist	[oss-security] 20190502 CVE-2019-11683: "GRO packet of death" issue in the Linux kernel [oss-security] 20190505 Re: CVE-2019-11683: "GRO packet of death" issue in the Linux kernel
ubuntu	USN-3979-1

Last major update

19-01-2023 - 16:12

Published

02-05-2019 - 17:29

Last modified

19-01-2023 - 16:12