Lucene search

threatpostTara SealsTHREATPOST:6BC5A77642CCFDC60E73B7EBBE34A2D2
HistoryMay 14, 2019 - 3:21 p.m.

Linux Kernel Flaw Allows Remote Code-Execution

Tara Seals

0.007 Low




Millions of Linux systems could be vulnerable to a high-impact race condition flaw in the Linux kernel.

Kernel versions prior to 5.0.8 are affected by the vulnerability (CVE-2019-11815), which exists in the rds_tcp_kill_sock in net/rds/tcp.c. “There is a race condition leading to a use-after-free [UAF],” according to the CVE description.

Linux issued a new kernel version on April 17, but the bug itself wasn’t widely reported; now, distributions like Debian, Red Hat, SUSE and Ubuntu have issued updates in the last week.

A race condition happens when a process consisting of specific tasks that are meant to occur in a particular sequence is confused by a request to perform two or more operations simultaneously. During that confusion, a rogue process could be inserted.

In the case of CVE-2019-11815, attackers could exploit the bug by sending specially created TCP packets remotely, to trigger a UAF situation related to net namespace cleanup, the advisory details. UAF is a class of memory corruption flaw that can lead to system crashes and the ability for an attacker to execute arbitrary code.

A NIST National Vulnerability Database write-up on the flaw said that an attacker could exploit the bug without any elevated privileges, without authentication and with no user interaction. Nonetheless, the vulnerability is difficult to exploit, with a low exploitability score of 2.2 according to the CVSS v3.0 index; the overall base score is 8.1. Linux and the distributions list the flaw as having anywhere between high- to moderate-impact.

Linux kernel bugs are rare but not unheard-of. Last fall, two vulerabilities were found in the Linux kernel within a week of each other; one was a high-severity cache invalidation bug, which could allow an attacker to gain root privileges on the targeted system, and the other was a local-privilege escalation issue.

_Want to know more about Identity Management and navigating the shift beyond passwords? Don’t miss _our Threatpost webinar on May 29 at 2 p.m. ET. Join Threatpost editor Tom Spring and a panel of experts as they discuss how cloud, mobility and digital transformation are accelerating the adoption of new Identity Management solutions. Experts discuss the impact of millions of new digital devices (and things) requesting access to managed networks and the challenges that follow.