20 May 19, 16:51
(This post was last modified: 20 May 19, 16:52 by silversurfer.)
Quote:A memory corruption vulnerability recently found in Linux Kernel’s implementation of RDS over TCP could lead to privilege escalation.
Tracked as CVE-2019-11815 and featuring a CVSS base score of 8.1, the flaw impacts Linux kernels prior to 5.0.8, but only systems that use the Reliable Datagram Sockets (RDS) for the TCP module.
The issue, a NIST advisory reveals, is a race condition that affects the kernel’s rds_tcp_kill_sock in net/rds/tcp.c. The bug leads to a use-after-free, related to net namespace cleanup, the advisory reveals.
“A system that has the rds_tcp kernel module loaded (either through autoload via local process running listen(), or manual loading) could possibly cause a use after free (UAF) in which an attacker who is able to manipulate socket state while a network namespace is being torn down,” the Red Hat advisory on this bug reads.
Apparently, the vulnerability can be exploited over the network and requires no privileges or user interaction, although the complexity of a successful attack is rather high. An attacker could abuse the issue to access restricted information or cause denial of service.
SOURCE: https://www.securityweek.com/linux-kerne...s-over-tcp
![[-]](https://www.geeks.fyi/images/collapse.png)
