Lucene search

K
cve[email protected]CVE-2019-11815
HistoryMay 08, 2019 - 2:29 p.m.

CVE-2019-11815

2019-05-0814:29:00
CWE-362
CWE-416
web.nvd.nist.gov
334
cve-2019-11815
issue discovery
rds_tcp_kill_sock
use-after-free
linux kernel
net namespace cleanup

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.7%

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

Affected configurations

NVD
Node
linuxlinux_kernelRange4.34.4.179
OR
linuxlinux_kernelRange4.94.9.169
OR
linuxlinux_kernelRange4.144.14.112
OR
linuxlinux_kernelRange4.194.19.35
OR
linuxlinux_kernelRange5.05.0.8
OR
linuxlinux_kernelMatch5.1rc1
OR
linuxlinux_kernelMatch5.1rc2
OR
linuxlinux_kernelMatch5.1rc3
OR
linuxlinux_kernelMatch5.1rc4
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.04
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
OR
opensuseleapMatch42.3
Node
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netapphci_management_nodeMatch-
OR
netappsnapprotectMatch-
OR
netappsolidfireMatch-
OR
netappstorage_replication_adapterMatch7.2vsphere
OR
netappvasa_provider_for_clustered_data_ontapRange7.2
OR
netappvirtual_storage_consoleRange7.2vsphere
OR
netapphci_compute_nodeMatch-
OR
netapphci_storage_nodeMatch-
Node
netappcn1610Match-
AND
netappcn1610_firmwareMatch-

References

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.7%