Category Archives: CVE-2019-11815

Linux kernel privilege escalation flaw CVE-2019-11815 affects RDS

Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP.

Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP.

The vulnerability tracked as CVE-2019-11815 could lead to privilege escalation, it received a CVSS base score of 8.1. The vulnerability only affects Linux kernels prior to 5.0.8, that use the Reliable Datagram Sockets (RDS) for the TCP module.

“An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.” reads the security advisory published by the NIST.

The NIST classified the flaw as a race condition that affects the kernel’s rds_tcp_kill_sock in net/rds/tcp.c.. 

The vulnerability could be exploited by a remote attacker with no privileges over the network, the issue doesn’t require user interaction.

An attacker could exploit the vulnerability to access restricted information or trigger a denial of service condition. 

“A system that has the rds_tcp kernel module loaded (either through autoload via local process running listen(), or manual loading) could possibly cause a use after free (UAF) in which an attacker who is able to manipulate socket state while a network namespace is being torn down,” reads the advisory published by Red Hat.

According to a note included in the security advisory published by Canonical, there is no evidence that the bug is remotely exploitable. 

“I haven’t yet seen evidence to support allegations that this is remotely exploitable. Blacklisting rds.ko module is probably sufficient to prevent the vulnerable code from loading.” said Seth Arnold from the Ubuntu’s security team. “The default configuration of the kmod package has included RDS in /etc/modprobe.d/blacklist-rare-network.conf since 14.04 LTS. I’m dropping priority as a result.”

Both Suse and Debian also published security advisories for the
CVE-2019-11815 vulnerability.


If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

Thank you

Pierluigi Paganini

(SecurityAffairs – Linux, CVE-2019-11815)

The post Linux kernel privilege escalation flaw CVE-2019-11815 affects RDS appeared first on Security Affairs.

CVE-2019-11815 Remote Code Execution affects Linux Kernel prior to 5.0.8

Security experts have found a race condition vulnerability (CVE-2019-11815) in Linux Kernel Prior to 5.0.8 that expose systems to remote code execution.

Linux systems based on kernel versions prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free that could be exploited by hackers to get remote code execution.

Attackers can trigger the race condition issue that resides in the rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to cause a denial-of-service (DoS) condition and to execute code remotely on vulnerable Linux machines.

The vulnerability could be exploited by sending specially crafted TCP packets to vulnerable Linux systems.

The vulnerability tracked as CVE-2019-11815 received a CVSS v3.0 base score of 8.1, it could be abused by unauthenticated attackers without user interaction.

Anyway, the NIST assigned to the vulnerability an exploitability score of 2.2 and an impact score of 5.9 because it is difficult to exploit.

“An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.” reads the description provided by Mitre.

The exploitation of the flaw could allow attackers to access resources, modify any files, and deny access to resources.

CVE-2019-11815 linux flaw

The development team of Linux kernel already released a security patch that addressed the CVE-2019-11815 flaw at the end of March. The vulnerability was completely fixed with the release of Linux kernel 5.0.8 version.

Below the security advisories published by the major Linux distributions:

Pierluigi Paganini

(SecurityAffairs – CVE-2019-11815, Linux Kernel)

The post CVE-2019-11815 Remote Code Execution affects Linux Kernel prior to 5.0.8 appeared first on Security Affairs.