Linux Kernel Flaw Allows Remote Code-Execution
The bug is remotely exploitable without authentication or user interaction.
#Kernel versions prior to 5.0.8 are affected by the vulnerability (CVE-2019-11815) !in !t
@costalfy As it seems, this is not a TCP RCE per se. You need to have RDS in use and the corresponding module loaded.
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup."
Le réseau social de l'avenir : Pas d'annonces, pas de surveillance institutionnelle, conception éthique et décentralisation ! Possédez vos données avec Mastodon !