Over 30 VMware products are affected by SACK Panic and SACK Slowness, two recently disclosed Linux kernel vulnerabilities that can be exploited remotely without authentication for denial-of-service (DoS) attacks. The security holes, discovered by a researcher working for Netflix, are related to how the kernel handles TCP Selective Acknowledgement (SACK) packets with a low minimum segment size (MSS). They could impact many devices, including servers, Android smartphones and embedded systems. Three vulnerabilities are tracked in total: SACK Panic (CVE-2019-11477), SACK Slowness (CVE-2019-11478, which also impacts FreeBSD), and CVE-2019-11479.
Read how more than 20 VMware products are affected by SACK Linux vulnerabilities on Security Week.