Forum Discussion

squip's avatar
squip
Icon for Nimbostratus rankNimbostratus
Jun 18, 2019

TCP SACK Kernel Panic Vuln- F5 impacted?

Hi Team,

 

I know this question is eventually going to be asked - I may as well do it:

 

With the news this week around three CVE's relating to Selective ACK's (CVE-2019-11477/CVE-2019-11478/CVE-2019-5599) - I wanted to know if we need to disable SACK's on our TCP profiles or is this threat mitigated by the fact that traffic is handled by the F5 pipeline instead of the Linux socket buffer?

 

Thanks.