CVSS3: 8.1 High (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.005 Low (Percentile: 76.7%)

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux
kernel before 5.0.8. There is a race condition leading to a use-after-free,
related to net namespace cleanup.
Author | Note |
---|---|
seth-arnold | I haven’t yet seen evidence to support allegations that this is remotely exploitable. Blacklisting rds.ko module is probably sufficient to prevent the vulnerable code from loading. The default configuration of the kmod package has included RDS in /etc/modprobe.d/blacklist-rare-network.conf since 14.04 LTS. I’m dropping priority as a result. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-55.60 | UNKNOWN |
ubuntu | 19.04 | noarch | linux | < 5.0.0-16.17 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-150.176 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1047.49 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-aws | < 5.0.0-1007.7 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1045.48 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1084.94 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1047.49~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 4.18.0-1025.27~18.04.1 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-azure | < 5.0.0-1008.8 | UNKNOWN |
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63
launchpad.net/bugs/cve/CVE-2019-11815
nvd.nist.gov/vuln/detail/CVE-2019-11815
security-tracker.debian.org/tracker/CVE-2019-11815
ubuntu.com/security/notices/USN-4005-1
ubuntu.com/security/notices/USN-4008-1
ubuntu.com/security/notices/USN-4008-3
ubuntu.com/security/notices/USN-4068-1
ubuntu.com/security/notices/USN-4068-2
ubuntu.com/security/notices/USN-4118-1
www.cve.org/CVERecord?id=CVE-2019-11815