Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Linux Kernel Privilege Escalation Vulnerability Found in RDS Over TCP
#1
Quote:A memory corruption vulnerability recently found in Linux Kernel’s implementation of RDS over TCP could lead to privilege escalation. 
 
Tracked as CVE-2019-11815 and featuring a CVSS base score of 8.1, the flaw impacts Linux kernels prior to 5.0.8, but only systems that use the Reliable Datagram Sockets (RDS) for the TCP module.
 
The issue, a NIST advisory reveals, is a race condition that affects the kernel’s rds_tcp_kill_sock in net/rds/tcp.c. The bug leads to a use-after-free, related to net namespace cleanup, the advisory reveals. 
 
“A system that has the rds_tcp kernel module loaded (either through autoload via local process running listen(), or manual loading) could possibly cause a use after free (UAF) in which an attacker who is able to manipulate socket state while a network namespace is being torn down,” the Red Hat advisory on this bug reads

Apparently, the vulnerability can be exploited over the network and requires no privileges or user interaction, although the complexity of a successful attack is rather high. An attacker could abuse the issue to access restricted information or cause denial of service. 

SOURCE: https://www.securityweek.com/linux-kerne...s-over-tcp
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>