Many VMware Products Affected by SACK Linux Vulnerabilities
ctovision | July 03, 2019
Over 30 VMware products are affected by SACK Panic and SACK Slowness, two recently disclosed Linux kernel vulnerabilities that can be exploited remotely without authentication for denial-of-service (DoS) attacks. The security holes, discovered by a researcher working for Netflix, are related to how the kernel handles TCP Selective Acknowledgement (SACK) packets with a low minimum segment size (MSS). They could impact many devices, including servers, Android smartphones and embedded systems.