Hewlett Packard Enterprise Product Security Vulnerability Alerts

Linux Kernel TCP SACK Panic Remote Denial of Service (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)

Version 3.0: Last Updated: February 4, 2020

This website is updated frequently, as new product information becomes available.

Three related flaws were found in the Linux kernel's handling of TCP networking. The most severe vulnerability could allow a remote attacker to trigger a kernel panic on systems running an affected kernel, impacting system availability. The issues have been assigned the following CVEs:

  • CVE-2019-11477: SACK Panic
  • CVE-2019-11478: SACK Slowness
  • CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values

The first two CVEs relate to Selective Acknowledgement (SACK) packets combined with the TCP Maximum Segment Size (MSS), while the third CVE relates to the Maximum Segment Size (MSS) alone.

Usage Instructions and Definitions for CVE Vulnerability Information

| Data | Definition |
|---|---|
| Product Category | High-level product description. |
| Product Sub-Category | Medium-level product description. |
| Product Name | Detailed product description. |
| (Impacted) | Indicates whether the specific product is affected by the cited vulnerability. |
| If Impacted - Mitigation or Under Investigation | Information regarding how to address a vulnerability. |
| Link(s) to security bulletin (Vendor) | Link to Vendor's Security Bulletin. |

Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.

| Product Category | Product Sub-Category | Product Name | Impacted | Mitigation and Notes | Security Bulletin (HPE) | Security Bulletin (Vendor) |
|---|---|---|---|---|---|---|
| Networking | Aruba Network | Aruba ClearPass | Yes (Indirect) | Under investigation | | |
| SDCG | Converged Systems | HP OneView | Yes | Under investigation. | | |
| Hybrid IT | Non-HP OS | CentOS | Yes | Errata available | | https://www.tenable.com/plugins/nessus/126006 |
| Hybrid IT | Non-HP OS | Debian | Yes | Errata available | | https://security-tracker.debian.org/tracker/CVE-2019-11477 |
| Hybrid IT | Non-HP OS | Oracle Linux | Yes | Errata available | | https://linux.oracle.com/cve/CVE-2019-11477.html |
| Hybrid IT | Non-HP OS | Red Hat Enterprise Linux | Yes | Errata available | | https://access.redhat.com/security/cve/cve-2019-11477 |
| Hybrid IT | Non-HP OS | Ubuntu | Yes | Errata available | | https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html |
| Hybrid IT | Storage | StoreOnce | Yes | Under Investigation | | |
| Hybrid IT | Storage | MSA | Yes | Under Investigation | | |
| Hybrid IT | Storage | StoreEver MSL6480 | Yes | Under Investigation | | |
| Hybrid IT | Storage | StoreEver MSL3040 | Yes | Under Investigation | | |
| Hybrid IT | Storage | StoreVirtual | Yes | Under Investigation | | |
| Hybrid IT | Storage | StoreFabric M-Series Ethernet Switches | Yes | Under Investigation | | |
| SimpliVity | Storage | HPE SimpliVity 380 Gen9 Nodes | Yes | Refer to the Customer Notice | Customer Notice a00088742 | |
| SimpliVity | Storage | HPE SimpliVity 380 Gen10 Nodes | Yes | Refer to the Customer Notice | Customer Notice a00088742 | |
| SimpliVity | Storage | HPE SimpliVity 2600 Gen10 Nodes | Yes | Refer to the Customer Notice | Customer Notice a00088742 | |
| SimpliVity | Storage | SimpliVity OmniCube | Yes | Refer to the Customer Notice | Customer Notice a00088742 | |
| SimpliVity | Storage | SimpliVity OmniStack for Cisco | Yes | Refer to the Customer Notice | Customer Notice a00088742 | |
| SimpliVity | Storage | SimpliVity OmniStack for Lenovo | Yes | Refer to the Customer Notice | Customer Notice a00088742 | |
| SimpliVity | Storage | SimpliVity OmniStack for Dell | Yes | Refer to the Customer Notice | Customer Notice a00088742 | |
| SDCG | Converged Systems | Synergy Composer (OneView) | Yes | Under Investigation | | |
| SDCG | Converged Systems | HPE OneView Global Dashboard | Yes | Under Investigation | | |
| SDCG | Converged Systems | HPE Image Streamer | Yes | Under Investigation | | |
| Hybrid IT | Cloudline | CL3100 Gen10 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL4100 Gen10 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL5200 Gen9 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL5800 Gen9 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL2100 Gen10 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL2200 Gen10 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL2600 Gen10 | Yes | Update to BMC Firmware Bundle 2.22. Available on HPESC | | |
| Hybrid IT | Cloudline | CL2800 Gen10 | Yes | Update to BMC Firmware Bundle 2.22. Available on HPESC | | |
| Hybrid IT | Cloudline | CL3100 G3 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL5200 G3 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL3150 Gen10 | Yes | BMC; EOL system. No fix plan. | | |
| Hybrid IT | Storage | Nimble Platforms | Yes | Under Investigation | | |
| Hybrid IT | Storage | 3PAR StoreServ | Yes | Under Investigation | | |
| Hybrid IT | Storage | 3PAR StoreServ Service Processor | Yes | Under Investigation | | |
| Hybrid IT | Storage | 3PAR StoreServ Management Console | Yes | Under Investigation | | |
| Networking | Aruba Network | AP's (AOS) | Yes | Under Investigation | | |
| Networking | Aruba Network | AirWave | Yes | Fix in 8.2.10 | | |
| Networking | Aruba Network | CPPM | Yes | Under Investigation | | |
| Networking | Aruba Network | ArubaOS-CX Switches | Yes | Under Investigation | | |
| Networking | Aruba Network | MSM Wireless | Yes | Under Investigation | | |
| Hybrid IT | Non-HP OS | Citrix XenServer | Yes | Under Investigation | | https://support.citrix.com/article/CTX239432?recommended |
| Networking | HPE Network | Small Medium Business Solutions | Under investigation | Under Investigation | | |
| Networking | Aruba Network | Central | Under Investigation | Under Investigation | | |
| Networking | Aruba Network | IntroSpect | Under Investigation | Under Investigation | | |
| Networking | Aruba Network | SD Branch | Under Investigation | Under Investigation | | |
| Networking | Aruba Network | Office Connect | Under Investigation | Under Investigation | | |
| Hybrid IT | Platform Software | System Management Homepage for Solaris 10 (x86[/x64]) Systems | No | Not vulnerable | | |
| Hybrid IT | Non-HP OS | Solaris | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEver MSL G3 | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEver MSL G2 1/8 Autoloader | No | Not vulnerable | | |
| Hybrid IT | Storage | XP7 | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEasy (all products) | No | Not vulnerable | | |
| Networking | Aruba Network | Meridian | No | Not vulnerable | | |
| Networking | Aruba Network | Aruba PVOS Switches | No | Not vulnerable | | |
| Networking | Aruba Network | NetInsight | No | Not vulnerable | | |