CVE-2019-11815

Bug #1829055 reported by themusicgod1
Affects          Status        Importance  Assigned to  Milestone
linux (Debian)   Fix Released  Unknown
linux (Ubuntu)   Fix Released  Medium      Unassigned

Bug Description

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

This is a remotely exploitable bug, and seems to be relevant for all current versions of Ubuntu, including LTS ones.

Debian CVE: https://security-tracker.debian.org/tracker/CVE-2019-11815

Fixed by: https://git.kernel.org/linus/cb66ddd156203daefb8d71158036b27b0e2caf63

Tags: bionic cscc disco

themusicgod1 (themusicgod1) wrote :

seems to only be remotely executable if rds is enabled, which it isn't by default in Debian...

Changed in linux (Debian):
status: Unknown → Fix Released
Steve Beattie (sbeattie)
information type: Private Security → Public Security
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1829055

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Steve Beattie (sbeattie) wrote :

rds is also blocked by default in Ubuntu, via the /etc/modprobe.d/blacklist-rare-network.conf configuration file.

  # rds
  alias net-pf-21 off

It's also not entirely clear that this is actually remotely exploitable, as network namespace exit is normally a local action, which is what would trigger a cleanup. NVD's CVSS score (https://nvd.nist.gov/vuln/detail/CVE-2019-11815) claims the vulnerability is network accessible (which is the basis for a couple of the news articles going around), but e.g. SUSE considers it local access only (see https://www.suse.com/security/cve/CVE-2019-11815/).

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → Medium
Brad Figg (brad-figg)
tags: added: cscc
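Added example (not from the bug report or any of its commenters): a POSIX shell check for the mitigation described above, verifying that no rds module is loaded and that a modprobe config aliases the PF_RDS socket family (net-pf-21) to "off". The config directory and module list are parameters (defaults are the real system paths) so the functions can be exercised against constructed files; it only recognises the `alias ... off` form, not other blacklisting styles.

```shell
#!/bin/sh
# Example check for CVE-2019-11815 exposure on a host (added here, not
# from the bug report). RDS is reachable only if the rds module is loaded
# or can be autoloaded on socket(PF_RDS, ...); Ubuntu blocks autoload with
# "alias net-pf-21 off" in /etc/modprobe.d/blacklist-rare-network.conf.

# Return 0 if some *.conf under the modprobe directory maps net-pf-21 to "off".
rds_blacklisted() {
    dir="${1:-/etc/modprobe.d}"
    # -s silences "no such file" when the glob matches nothing.
    grep -Eqs '^[[:space:]]*alias[[:space:]]+net-pf-21[[:space:]]+off([[:space:]]|$)' "$dir"/*.conf
}

# Return 0 if rds or rds_tcp appears in the loaded-module list (/proc/modules format).
rds_loaded() {
    modules="${1:-/proc/modules}"
    grep -Eqs '^rds(_tcp)?[[:space:]]' "$modules"
}

# Print one summary line. Exit status: 0 mitigated, 1 module loaded,
# 2 not loaded but autoload is still possible.
rds_status() {
    if rds_loaded "$2"; then
        echo "rds module loaded: exposed"; return 1
    elif rds_blacklisted "$1"; then
        echo "rds not loaded and net-pf-21 aliased off: mitigated"; return 0
    else
        echo "rds not loaded but no blacklist alias found: autoload possible"; return 2
    fi
}
```

Run `rds_status` with no arguments to inspect the live system; the exit status is meant for use from a compliance or hardening script.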
Tyler Hicks (tyhicks) wrote :

This has been fixed for some time. Please see the Ubuntu CVE Tracker for kernel version information:

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11815.html

Changed in linux (Ubuntu):
status: Confirmed → Fix Released