TCP SACK Kernel Panic Vuln- F5 impacted?

Question

Hi Team,&nbsp;I know this question is eventually going to be asked - I may as well do it:&nbsp;With the news this week around three CVE's relating to Selective ACK's  (CVE-2019-11477/CVE-2019-11478/CVE-2019-5599) - I wanted to know if we need to disable SACK's on our TCP profiles or is this threat mitigated by the fact that traffic is handled by the F5 pipeline instead of the Linux socket buffer?&nbsp;Thanks.

jg · Accepted Answer

See:&nbsp;K78234183: Linux SACK Panic vulnerability CVE-2019-11477&nbsp;K26618426: Linux SACK Slowness vulnerability CVE-2019-11478&nbsp;.&nbsp;&nbsp;&nbsp;&nbsp;

Forum Discussion

TCP SACK Kernel Panic Vuln- F5 impacted?

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

BGP - filtering kernel redistribution

Remove subnet from NAT pools without any impact

2 Microsoft 0-day, Linux kernel 6.0, Github Arctic Code Vault - This Week in Security - Sept 24-30

Impact of disabling TCP Timestamp in TCP and fasl4 profile

Impact of restarting big3d service