Suivre

Linux Kernel Flaw Allows Remote Code-Execution

The bug is remotely exploitable without authentication or user interaction.

threatpost.com/linux-kernel-re

versions prior to 5.0.8 are affected by the vulnerability (CVE-2019-11815) !in !t

@costalfy As it seems, this is not a TCP RCE per se. You need to have RDS in use and the corresponding module loaded.

@costalfy

Ugly buggly.

"CVE-2019-11815 Detail
MODIFIED
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup."

nvd.nist.gov/vuln/detail/CVE-2

Inscrivez-vous pour prendre part à la conversation
Framapiaf

Framapiaf est un service de microblog similaire à Twitter. Il est libre, décentralisé et fédéré. Il permet de courts messages (max. 500 caractères), de définir leur degré de confidentialité et de suivre les membres du réseau sans publicité ni pistage.