--- zzzz-none-000/linux-2.6.28.10/net/ipv4/tcp_timer.c 2009-05-02 18:54:43.000000000 +0000 +++ fusiv-7390-686/linux-2.6.28.10/net/ipv4/tcp_timer.c 2019-07-09 13:48:20.000000000 +0000 @@ -126,6 +126,8 @@ mss = tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low) >> 1; mss = min(sysctl_tcp_base_mss, mss); mss = max(mss, 68 - tp->tcp_header_len); + /* CVE-2019-11479: set mss to 536 minimum */ + mss = max(mss, 536); icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss); tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); } @@ -496,7 +498,7 @@ elapsed = keepalive_time_when(tp); /* It is alive without keepalive 8) */ - if (tp->packets_out || tcp_send_head(sk)) + if (icsk->icsk_retransmits == 0 && (tp->packets_out || tcp_send_head(sk))) goto resched; elapsed = tcp_time_stamp - tp->rcv_tstamp;