A crafted sequence of SACKs will fragment the TCP retransmission queue, causing resource exhaustion. A malicious actor must have network access to an affected system including the ability to send traffic with low MSS values to the target. Successful exploitation of these issues may cause the target system to crash or significantly degrade performance.
An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, which leads to increased resource utilization to traverse and process these fragments as further SACK segments are received on the same TCP connection. A remote attacker could use this flaw to cause a denial of service (DoS) by sending a crafted sequence of SACK segments on a TCP connection.