Linux Kernel TCP SACK Denial of Service Issues

Created by Todd Zabel (Unlicensed)
Jun 18, 2019
1 min read

Akamai has been made aware of the recent Kernel vulnerability that was disclosed by the Netflix Security team on June 17, 2019.  The issue is related to a number of TCP flaws in the Linux and FreeBSD kernels, one of which can be used to send a so-called ping of death to an Internet-facing Linux server and bring about a denial of service. The vulnerability is known as the "SACK Ping of Death".  As part of our early response security procedures, we have confirmed with the AWS team that the AWS services used by the Identity Cloud are safe and protected from the reported vulnerability.  Specifically, AWS applied updates to the Application Load Balancer (ALB) and Elastic Load Balancer (ELB), which detect and remediate the issue.  The issue has been resolved and all Identity Cloud services are running uninterrupted.  Please direct any questions or concerns to the Technical Support team.