Hewlett Packard Enterprise Product Security Vulnerability Alerts
Linux Kernel TCP SACK Panic Remote Denial of Service (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
Version 3.0 : Last Updated: February 4, 2020
This website is updated frequently, as new product information becomes available.
Three related flaws were found in the Linux kernel's handling of TCP networking. The most severe vulnerability could allow a remote attacker to trigger a kernel panic on systems running an affected kernel, impacting system availability. The issues have been assigned the following CVEs:
- CVE-2019-11477: SACK Panic
- CVE-2019-11478: SACK Slowness
- CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values
The first two CVEs relate to Selective Acknowledgement (SACK) packets combined with the TCP Maximum Segment Size (MSS), while the third CVE relates to the Maximum Segment Size (MSS).
Resources:
- HPE Vulnerability Homepage
- CVE-2019-11477
- CVE-2019-11478
- CVE-2019-11479
- HPE Support Center
Usage Instructions and Definitions for CVE Vulnerability Information

| Data | Definition |
|---|---|
| Product Category | High-level product description. |
| Product Sub-Category | Medium-level product description. |
| Product Name | Detailed product description. |
| (Impacted) | Indicates whether the specific product is affected by the cited vulnerability. |
| If Impacted - Mitigation or Under Investigation | Information regarding how to address a vulnerability. |
| Link(s) to security bulletin (Vendor) | Link to Vendor's Security Bulletin. |

Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.

| Product Category | Product Sub-Category | Product Name | Impacted | Mitigation and Notes | Security Bulletin (HPE) | Security Bulletin (Vendor) |
|---|---|---|---|---|---|---|
| Networking | Aruba Network | Aruba ClearPass | Yes (Indirect) | Under investigation | | |
| SDCG | Converged Systems | HP OneView | Yes | Under investigation. | | |
| Hybrid IT | Non-HP OS | CentOS | Yes | Errata available | | |
| Hybrid IT | Non-HP OS | Debian | Yes | Errata available | | |
| Hybrid IT | Non-HP OS | Oracle Linux | Yes | Errata available | | |
| Hybrid IT | Non-HP OS | Red Hat Enterprise Linux | Yes | Errata available | | |
| Hybrid IT | Non-HP OS | Ubuntu | Yes | Errata available | | https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11477.html |
| Hybrid IT | Storage | StoreOnce | Yes | Under Investigation | | |
| Hybrid IT | Storage | MSA | Yes | Under Investigation | | |
| Hybrid IT | Storage | StoreEver MSL6480 | Yes | Under Investigation | | |
| Hybrid IT | Storage | StoreEver MSL3040 | Yes | Under Investigation | | |
| Hybrid IT | Storage | StoreVirtual | Yes | Under Investigation | | |
| Hybrid IT | Storage | StoreFabric M-Series Ethernet Switches | Yes | Under Investigation | | |
| SimpliVity | Storage | HPE SimpliVity 380 Gen9 Nodes | Yes | Refer to the Customer Notice | | |
| SimpliVity | Storage | HPE SimpliVity 380 Gen10 Nodes | Yes | Refer to the Customer Notice | | |
| SimpliVity | Storage | HPE SimpliVity 2600 Gen10 Nodes | Yes | Refer to the Customer Notice | | |
| SimpliVity | Storage | SimpliVity OmniCube | Yes | Refer to the Customer Notice | | |
| SimpliVity | Storage | SimpliVity OmniStack for Cisco | Yes | Refer to the Customer Notice | | |
| SimpliVity | Storage | SimpliVity OmniStack for Lenovo | Yes | Refer to the Customer Notice | | |
| SimpliVity | Storage | SimpliVity OmniStack for Dell | Yes | Refer to the Customer Notice | | |
| SDCG | Converged Systems | Synergy Composer (OneView) | Yes | Under Investigation | | |
| SDCG | Converged Systems | HPE OneView Global Dashboard | Yes | Under Investigation | | |
| SDCG | Converged Systems | HPE Image Streamer | Yes | Under Investigation | | |
| Hybrid IT | Cloudline | CL3100 Gen10 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL4100 Gen10 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL5200 Gen9 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL5800 Gen9 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL2100 Gen10 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL2200 Gen10 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL2600 Gen10 | Yes | Update to BMC Firmware Bundle 2.22. Available on HPESC | | |
| Hybrid IT | Cloudline | CL2800 Gen10 | Yes | Update to BMC Firmware Bundle 2.22. Available on HPESC | | |
| Hybrid IT | Cloudline | CL3100 G3 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL5200 G3 | Yes | BMC; Under Investigation | | |
| Hybrid IT | Cloudline | CL3150 Gen10 | Yes | BMC; EOL system. No fix plan. | | |
| Hybrid IT | Storage | Nimble Platforms | Yes | Under Investigation | | |
| Hybrid IT | Storage | 3PAR StoreServ | Yes | Under Investigation | | |
| Hybrid IT | Storage | 3PAR StoreServ Service Processor | Yes | Under Investigation | | |
| Hybrid IT | Storage | 3PAR StoreServ Management Console | Yes | Under Investigation | | |
| Networking | Aruba Network | AP's (AOS) | Yes | Under Investigation | | |
| Networking | Aruba Network | AirWave | Yes | Fix in 8.2.10 | | |
| Networking | Aruba Network | CPPM | Yes | Under Investigation | | |
| Networking | Aruba Network | ArubaOS-CX Switches | Yes | Under Investigation | | |
| Networking | Aruba Network | MSM Wireless | Yes | Under Investigation | | |
| Hybrid IT | Non-HP OS | Citrix XenServer | Yes | Under Investigation | | |
| Networking | HPE Network | Small Medium Business Solutions | Under investigation | Under Investigation | | |
| Networking | Aruba Network | Central | Under Investigation | Under Investigation | | |
| Networking | Aruba Network | IntroSpect | Under Investigation | Under Investigation | | |
| Networking | Aruba Network | SD Branch | Under Investigation | Under Investigation | | |
| Networking | Aruba Network | Office Connect | Under Investigation | Under Investigation | | |
| Hybrid IT | Platform Software | System Management Homepage for Solaris 10 (x86[/x64]) Systems | No | Not vulnerable | | |
| Hybrid IT | Non-HP OS | Solaris | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEver MSL G3 | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEver MSL G2 1/8 Autoloader | No | Not vulnerable | | |
| Hybrid IT | Storage | XP7 | No | Not vulnerable | | |
| Hybrid IT | Storage | StoreEasy (all products) | No | Not vulnerable | | |
| Networking | Aruba Network | Meridian | No | Not vulnerable | | |
| Networking | Aruba Network | Aruba PVOS Switches | No | Not vulnerable | | |
| Networking | Aruba Network | NetInsight | No | Not vulnerable | | |