Linux Kernel Flaw Allows Remote Code-Execution

The bug is remotely exploitable without authentication or user interaction.

versions prior to 5.0.8 are affected by the vulnerability (CVE-2019-11815) !in !t

@costalfy As it seems, this is not a TCP RCE per se. You need to have RDS in use and the corresponding module loaded.


Ugly buggly.

"CVE-2019-11815 Detail
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup."

Inscrivez-vous pour prendre part à la conversation

Le réseau social de l'avenir : Pas d'annonces, pas de surveillance institutionnelle, conception éthique et décentralisation ! Possédez vos données avec Mastodon !