CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |

CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS
Metric | Value |
---|---|
Percentile | 79.8% |

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux
kernel before 5.0.8. There is a race condition leading to a use-after-free,
related to net namespace cleanup.
Author | Note |
---|---|
seth-arnold | I haven’t yet seen evidence to support allegations that this is remotely exploitable. Blacklisting rds.ko module is probably sufficient to prevent the vulnerable code from loading. The default configuration of the kmod package has included RDS in /etc/modprobe.d/blacklist-rare-network.conf since 14.04 LTS. I’m dropping priority as a result. |
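
A check for the mitigation the note describes, as an added example that is not part of the original advisory or of Ubuntu's tooling: it reports whether the RDS modules are loaded and whether modprobe configuration blocks RDS autoload. The function names and the three directive forms it accepts (including `alias net-pf-21 off`, AF_RDS being protocol family 21) are assumptions of this example.

```shell
#!/bin/sh
# Added example. Paths are parameters so the checks can run against copies;
# the defaults are the live system locations.

# Succeeds if any *.conf in the modprobe.d directory disables RDS autoload.
rds_autoload_blocked() {
    dir=${1:-/etc/modprobe.d}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Strip comments first so a commented-out directive does not count.
        sed 's/#.*//' "$f" | awk '
            $1 == "alias" && $2 == "net-pf-21" && $3 == "off" { found = 1 }
            $1 == "blacklist" && $2 == "rds" { found = 1 }
            $1 == "install" && $2 == "rds" && $3 ~ /^\/bin\/(false|true)$/ { found = 1 }
            END { exit !found }' && return 0
    done
    return 1
}

# Succeeds if the named module appears in a /proc/modules-format file.
module_loaded() {
    mod=$1; list=${2:-/proc/modules}
    awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$list"
}

# Prints findings; returns non-zero if a module is loaded or autoload is open.
audit_rds() {
    dir=${1:-/etc/modprobe.d}; list=${2:-/proc/modules}; rc=0
    for mod in rds rds_tcp; do
        if module_loaded "$mod" "$list"; then
            echo "$mod: loaded"
            rc=1
        fi
    done
    if rds_autoload_blocked "$dir"; then
        echo "rds autoload: blocked in $dir"
    else
        echo "rds autoload: NOT blocked"
        rc=1
    fi
    return $rc
}
```

Calling `audit_rds` with no arguments checks the live system. A non-zero result on a kernel older than the fixed versions listed below means the mitigation in the note is not in effect.
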
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-55.60 | UNKNOWN |
ubuntu | 19.04 | noarch | linux | < 5.0.0-16.17 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-150.176 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1047.49 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-aws | < 5.0.0-1007.7 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1045.48 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1084.94 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1047.49~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 4.18.0-1025.27~18.04.1 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-azure | < 5.0.0-1008.8 | UNKNOWN |
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63
launchpad.net/bugs/cve/CVE-2019-11815
nvd.nist.gov/vuln/detail/CVE-2019-11815
security-tracker.debian.org/tracker/CVE-2019-11815
ubuntu.com/security/notices/USN-4005-1
ubuntu.com/security/notices/USN-4008-1
ubuntu.com/security/notices/USN-4008-3
ubuntu.com/security/notices/USN-4068-1
ubuntu.com/security/notices/USN-4068-2
ubuntu.com/security/notices/USN-4118-1
www.cve.org/CVERecord?id=CVE-2019-11815