Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-11815

Опубликовано: 08 мая 2019
Источник: redhat
CVSS3: 8.1
EPSS Низкий

Описание

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rds_tcp kernel module loaded (either through autoload via local process running listen(), or manual loading) could possibly cause a use after free (UAF) in which an attacker who is able to manipulate socket state while a network namespace is being torn down. This can lead to possible memory corruption and privilege escalation.

Отчет

The affected code is not built in the following kernels:

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux MRG-2
  • Red Hat Enterprise Linux for ARM (kernel-alt).
  • Red Hat Enterprise Linux 8 These kernels are not affected. The affected code was introduced by commit bdf5bd7f21323493dbe5f2c723dc33f2fbb0241a. This affected commit is not present in the following kernels:
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1708518kernel: race condition in rds_tcp_kill_sock in net/rds/tcp.c leading to use-after-free

EPSS

Процентиль: 80%
0.01491
Низкий

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-11815

CVSS3: 8.1
ubuntu
около 6 лет назад

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

nvd логотип

CVE-2019-11815

CVSS3: 8.1
nvd
около 6 лет назад

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

debian логотип

CVE-2019-11815

CVSS3: 8.1
debian
около 6 лет назад

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the L ...

github логотип

GHSA-qw9v-6653-v66g

github
около 3 лет назад

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

fstec логотип

BDU:2020-01595

CVSS3: 8.1
fstec
около 6 лет назад

Уязвимость функции rds_tcp_kill_sock ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 80%
0.01491
Низкий

8.1 High

CVSS3

Уязвимость CVE-2019-11815