Linux kernel privilege escalation flaw CVE-2019-11815 affects RDS

Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP.

Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP.

The vulnerability tracked as CVE-2019-11815 could lead to privilege escalation, it received a CVSS base score of 8.1. The vulnerability only affects Linux kernels prior to 5.0.8, that use the Reliable Datagram Sockets (RDS) for the TCP module.

“An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.” reads the security advisory published by the NIST.

The NIST classified the flaw as a race condition that affects the kernel’s rds_tcp_kill_sock in net/rds/tcp.c..

The vulnerability could be exploited by a remote attacker with no privileges over the network, the issue doesn’t require user interaction.

An attacker could exploit the vulnerability to access restricted information or trigger a denial of service condition.

“A system that has the rds_tcp kernel module loaded (either through autoload via local process running listen(), or manual loading) could possibly cause a use after free (UAF) in which an attacker who is able to manipulate socket state while a network namespace is being torn down,” reads the advisory published by Red Hat.

According to a note included in the security advisory published by Canonical, there is no evidence that the bug is remotely exploitable.

“I haven’t yet seen evidence to support allegations that this is remotely exploitable. Blacklisting rds.ko module is probably sufficient to prevent the vulnerable code from loading.” said Seth Arnold from the Ubuntu’s security team. “The default configuration of the kmod package has included RDS in /etc/modprobe.d/blacklist-rare-network.conf since 14.04 LTS. I’m dropping priority as a result.”

Both Suse and Debian also published security advisories for the
CVE-2019-11815 vulnerability.

If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

Thank you

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Linux, CVE-2019-11815)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.