Forum Discussion
Paula_Livingsto
Altocumulus
AltocumulusF5 and Linux Kernel CVE-2019-8980 Denial of Service Vulnerability
Hi all,
I have been asked this morning by a military client for whom I monitor a number of LTM regarding the susceptibility of his equipment to this vulnerability (Linux Kernel CVE-2019-8980 Denial of Service Vulnerability)
It's fully referenced here:
I've had a look about and I cannot find anything specific beyond this document:
K56480726: Linux kernel vulnerability CVE-2019-8980
however, I am aware that the status of this vulnerability under the aegis of NIST has very recently been placed back into scrutiny due to a lack of clarity regarding its modification. NIST document below refers:
Can anybody provide more timely advice on this situation?
Thanks, guys, I've spoken to my local f5 guys and they have confirmed the information on the NIST site is incorrect or rather out of date and the vulnerability is no longer under scrutiny.
Grace_389420Nimbostratus
Hi,
F5 has clearly stated that its products are not vulnerable. However you can check the kernel version of the LTM.
Regarding this link -> https://support.f5.com/csp/article/K56480726
(Updated Date: Apr 22, 2019)
I guess this document means that they are not affected to this vulnerability because of they normally develop a custom kernel with fixes written by their own, and the root of the vulnerability refers to code not implemented in their products.
However, the best way to know details about that is to open a support case. Normally they are reluctant to give details about the bugs, but in this case it's the best way to obtain responses.
KR, Dario.
Paula_LivingstoThanks, guys, I've spoken to my local f5 guys and they have confirmed the information on the NIST site is incorrect or rather out of date and the vulnerability is no longer under scrutiny.
