Announced 5 July 2019

Score: High

A security issue affects IGEL Linux-based operating systems in the following versions:

  • IGEL OS 11
  • IGEL OS 10
  • IGEL Linux 5


It has been discovered that the Linux Kernel can be crashed by sending specially crafted network packets to a Linux host (CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479). Issues in minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities can cause a kernel panic.

Update Instructions

  • IGEL OS 11: Update to IGEL OS 11.01.120
  • IGEL OS 10: Update to IGEL OS 10.05.830


  • IGEL Linux 5: Add the following command to System > Firmware Customization > Custom Commands > Base > Initialization: echo 0 > /proc/sys/net/ipv4/tcp_mtu_probing ; iptables -I INPUT -p tcp -m tcpmss --mss 1:1000 -j DROP


Advisory from Netflix with further suggestions for workarounds: