Forum Discussion

Paula_Livingsto's avatar
Paula_Livingsto
Icon for Altocumulus rankAltocumulus
Apr 24, 2019
Solved

F5 and Linux Kernel CVE-2019-8980 Denial of Service Vulnerability

Hi all,

 

I have been asked this morning by a military client for whom I monitor a number of LTM regarding the susceptibility of his equipment to this vulnerability (Linux Kernel CVE-2019-8980 Denial of Service Vulnerability)

 

It's fully referenced here:

 

CISA’s Cybersecurity Division

 

I've had a look about and I cannot find anything specific beyond this document:

 

K56480726: Linux kernel vulnerability CVE-2019-8980

 

however, I am aware that the status of this vulnerability under the aegis of NIST has very recently been placed back into scrutiny due to a lack of clarity regarding its modification. NIST document below refers:

 

CVE-2019-8980 Detail

 

Can anybody provide more timely advice on this situation?

 

  • Thanks, guys, I've spoken to my local f5 guys and they have confirmed the information on the NIST site is incorrect or rather out of date and the vulnerability is no longer under scrutiny.

     

3 Replies

  • Hi,

     

    F5 has clearly stated that its products are not vulnerable. However you can check the kernel version of the LTM.

     

  • Regarding this link -> https://support.f5.com/csp/article/K56480726

     

    (Updated Date: Apr 22, 2019)

     

    I guess this document means that they are not affected to this vulnerability because of they normally develop a custom kernel with fixes written by their own, and the root of the vulnerability refers to code not implemented in their products.

     

    However, the best way to know details about that is to open a support case. Normally they are reluctant to give details about the bugs, but in this case it's the best way to obtain responses.

     

    KR, Dario.

     

  • Thanks, guys, I've spoken to my local f5 guys and they have confirmed the information on the NIST site is incorrect or rather out of date and the vulnerability is no longer under scrutiny.