Sad SACK: Linux PCs, servers, gadgets can be crashed by 'Ping of Death' network packets | 6/17/2019 | Staff
sheenabeanna (Posted by) Level 3

It is possible to crash network-facing Linux servers, PCs, smartphones and tablets, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper FreeBSD machines with the same attack.

Linux powers an incredible amount of stuff these days, so anything from network or internet-connected TVs, routers, thermostats, light switches, CCTV cameras, and robot vacuum cleaners, to servers, PCs, Android and ChromeOS devices, smart fridges, dialysis machines, car infotainment systems, tractors, construction equipment, and uranium centrifuges, and so on, can potentially be brought to a halt by miscreants if vulnerable.

In other words, strangers can ping some data to your device over the internet or network, and potentially crash it. Not great, not terrible; it's a rather big annoyance that could disrupt netizens if script kiddies start firing off waves of exploits.

Patches and mitigations are available, and can be applied by hand if needed, or you can wait for a security fix to be pushed or offered to your at-risk device. A key workaround is to set /proc/sys/net/ipv4/tcp_sack to 0.

At the heart of the drama is a programming flaw dubbed SACK Panic aka CVE-2019-11477: this bug can be exploited to remotely crash systems powered by Linux kernel version 2.6.29 or higher, which was released 10 years ago.
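
The tcp_sack workaround and the 2.6.29 version floor mentioned above, as a check-and-apply script. This is an added example, not code from the article or from any vendor; the function names and the `--check`/`--apply` flags are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the article). Function names and flags are
# assumptions; the tcp_sack path and the 2.6.29 floor are the article's.

# Print enabled / disabled / unknown for the SACK setting under a
# proc-sys root (default /proc/sys; overridable so it can be tested).
sack_state() {
    f="${1:-/proc/sys}/net/ipv4/tcp_sack"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        0) echo disabled ;;
        *) echo enabled ;;
    esac
}

# Apply the workaround: write 0 to tcp_sack. Needs root on a live
# system, and a write under /proc does not persist across reboots.
disable_sack() {
    echo 0 > "${1:-/proc/sys}/net/ipv4/tcp_sack"
}

# Return 0 if a kernel release string is 2.6.29 or higher, 1 if it is
# lower, 2 if it cannot be parsed. Patched kernels also return 0: this
# is a version-range check, not a patch check.
kernel_in_range() {
    v=${1%%[!0-9.]*}            # "5.4.0-150-generic" -> "5.4.0"
    IFS=. read -r maj min pat _rest <<EOF
$v
EOF
    min=${min:-0}; pat=${pat:-0}
    for n in "$maj" "$min" "$pat"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$maj" -gt 2 ] && return 0
    [ "$maj" -eq 2 ] && [ "$min" -gt 6 ] && return 0
    [ "$maj" -eq 2 ] && [ "$min" -eq 6 ] && [ "$pat" -ge 29 ] && return 0
    return 1
}

case "${1:-}" in
    --check) kernel_in_range "$(uname -r)" && echo "kernel is 2.6.29 or higher"
             echo "tcp_sack: $(sack_state)" ;;
    --apply) disable_sack && echo "tcp_sack: $(sack_state)" ;;
esac
```

A kernel reported as in range may already carry the fix, so confirm patch status with your distribution before relying on the version check alone.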

There are three other related holes: SACK Slowness, aka CVE-2019-11478, which affects Linux kernels pre-4.15, and all versions to a degree; SACK Slowness, aka CVE-2019-5599, which affects FreeBSD 12 using the RACK...