--- zzzz-none-000/linux-2.6.32.61/net/ipv4/tcp_output.c	2013-06-10 09:43:48.000000000 +0000
+++ ar10-7272-687/linux-2.6.32.61/net/ipv4/tcp_output.c	2019-07-09 13:37:14.000000000 +0000
@@ -983,6 +983,9 @@
 	/* Now subtract TCP options size, not including SACKs */
 	mss_now -= tp->tcp_header_len - sizeof(struct tcphdr);
 
+	/* CVE-2019-11479: set mss to 536 minimum */
+	mss_now = max(mss_now, 536);
+
 	return mss_now;
 }