18th June 2019

TCP SACK kernel panic mitigation

June 18, 2019 10:05 CEST: On June 17, 2019 a vulnerability in the Linux kernel's handling of selective TCP ACKs was published: https://access.redhat.com/security/vulnerabilities/tcpsack (CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479). We're investigating the impact to our fleet of OpenShift clusters and will likely be deploying a mitigation until updated kernels have been installed.

June 18, 2019 10:53 CEST: We've prepared a change mitigating the vulnerabilities and it's currently pending code review.

June 18, 2019 11:10 CEST: The migitation is being deployed.

June 18, 2019 12:20 CEST: Mitigation has been deployed to all OpenShift systems.