exploitDog

CVE-2019-11815

Опубликовано: 08 мая 2019

Источник: nvd

CVSS3: 8.1

CVSS2: 9.3

EPSS Низкий

Описание

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/108283
Third Party Advisory
VDB Entry
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
Release Notes
Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63
Exploit
Patch
Vendor Advisory
https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Jun/26
Issue Tracking
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190719-0003/
Third Party Advisory
https://support.f5.com/csp/article/K32019083
Third Party Advisory
https://usn.ubuntu.com/4005-1/
Third Party Advisory
https://usn.ubuntu.com/4008-1/
Third Party Advisory
https://usn.ubuntu.com/4008-3/
Third Party Advisory
https://usn.ubuntu.com/4068-1/
Third Party Advisory
https://usn.ubuntu.com/4068-2/
Third Party Advisory
https://usn.ubuntu.com/4118-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4465
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.3 (включая) до 4.4.179 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.9 (включая) до 4.9.169 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.14 (включая) до 4.14.112 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.19 (включая) до 4.19.35 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.8 (исключая)

cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*

Версия от 9.5 (включая)

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:storage_replication_adapter:7.2:*:*:*:*:vsphere:*:*

cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*

Версия от 7.2 (включая)

cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*

Версия от 7.2 (включая)

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01491

Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2019-11815

CVSS3: 8.1

ubuntu

около 6 лет назад

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

CVE-2019-11815

CVSS3: 8.1

redhat

около 6 лет назад

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

CVE-2019-11815

CVSS3: 8.1

debian

около 6 лет назад

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the L ...

GHSA-qw9v-6653-v66g

github

около 3 лет назад

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

BDU:2020-01595

CVSS3: 8.1

fstec

около 6 лет назад

Уязвимость функции rds_tcp_kill_sock ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 80%

0.01491

Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-362