CVE-2019-11815

Impact:
Important
Public Date:
2019-05-08
CWE:
CWE-362
Bugzilla:
1708518: CVE-2019-11815 kernel: race condition in rds_tcp_kill_sock in net/rds/tcp.c leading to use-after-free
A flaw was found in the Linux kernel's implementation of RDS over TCP. On a system that has the rds_tcp kernel module loaded (either autoloaded when a local process runs listen(), or loaded manually), an attacker who is able to manipulate socket state while a network namespace is being torn down could possibly cause a use-after-free (UAF). This can lead to possible memory corruption and privilege escalation.
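
The exposure condition above depends on whether rds_tcp is loaded or can still be loaded. The following is an added example, not Red Hat's code, that classifies a host from a /proc/modules-format file and the modprobe configuration directories; the function names and the "loaded / blocked / not-blocked" labels are assumptions of this example, and "not-blocked" does not check whether the running kernel ships the module at all.

```shell
#!/bin/sh
# Added example: report rds_tcp exposure on a host.

# Succeeds if rds_tcp is listed in a /proc/modules-format file.
rds_tcp_loaded() {
    [ -r "$1" ] || return 1
    awk '$1 == "rds_tcp" { found = 1 } END { exit !found }' "$1"
}

# Succeeds if a modprobe config in any given directory maps the module to a
# no-op "install" command. "blacklist" lines are deliberately not counted:
# they only suppress alias matching, not a request for the module by name.
rds_tcp_blocked() {
    for dir in "$@"; do
        for conf in "$dir"/*.conf; do
            [ -f "$conf" ] || continue
            if awk '
                /^[ \t]*#/ { next }
                $1 == "install" && $2 ~ /^rds[-_]tcp$/ &&
                    $3 ~ /\/(false|true)$/ { hit = 1 }
                END { exit !hit }' "$conf"; then
                return 0
            fi
        done
    done
    return 1
}

# Usage: rds_tcp_exposure MODULES_FILE CONF_DIR...
# Prints: loaded | blocked | not-blocked
rds_tcp_exposure() {
    modules_file=$1
    shift
    if rds_tcp_loaded "$modules_file"; then
        echo loaded
    elif rds_tcp_blocked "$@"; then
        echo blocked
    else
        echo not-blocked
    fi
}

# Live check against the standard modprobe configuration locations.
rds_tcp_exposure /proc/modules /etc/modprobe.d /run/modprobe.d \
    /usr/lib/modprobe.d /lib/modprobe.d
```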

Find out more about CVE-2019-11815 from the MITRE CVE dictionary and NIST NVD.

Statement

The affected code is not built in the following kernels:

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux MRG-2
  • Red Hat Enterprise Linux for ARM (kernel-alt)
  • Red Hat Enterprise Linux 8

These kernels are not affected.

The affected code was introduced by commit bdf5bd7f21323493dbe5f2c723dc33f2fbb0241a.

This affected commit is not present in the following kernels:

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 8.1
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity Impact: High
Availability Impact: High

Affected Packages State

Platform                      Package      State
Red Hat Enterprise MRG 2      kernel-rt    Not affected
Red Hat Enterprise Linux 8    kernel       Not affected
Red Hat Enterprise Linux 8    kernel-rt    Not affected
Red Hat Enterprise Linux 7    kernel-alt   Not affected
Red Hat Enterprise Linux 7    kernel       Not affected
Red Hat Enterprise Linux 7    kernel-rt    Not affected
Red Hat Enterprise Linux 6    kernel       Not affected
Red Hat Enterprise Linux 5    kernel       Not affected

Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although they may not have been subject to full analysis.