CVE-2019-11815

Bug #1829055 reported by themusicgod1 on 2019-05-14
Affects          Status         Importance   Assigned to   Milestone
linux (Debian)   Fix Released   Unknown
linux (Ubuntu)                  Medium       Unassigned

Bug Description

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

This is a remotely exploitable bug, and seems to be relevant for all current versions of Ubuntu, including LTS ones.

Debian CVE: https://security-tracker.debian.org/tracker/CVE-2019-11815

Fixed by: https://git.kernel.org/linus/cb66ddd156203daefb8d71158036b27b0e2caf63

themusicgod1 (themusicgod1) wrote:

Seems to only be remotely executable if rds is enabled, which it isn't by default in Debian...

Changed in linux (Debian):
status: Unknown → Fix Released
Steve Beattie (sbeattie) on 2019-05-15
information type: Private Security → Public Security

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1829055

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Steve Beattie (sbeattie) wrote:

rds is also blocked by default in Ubuntu, via the /etc/modprobe.d/blacklist-rare-network.conf configuration file.

  # rds
  alias net-pf-21 off

It's also not entirely clear that this is actually remotely exploitable, as network namespace exit is normally a local action, which is what would trigger a cleanup. NVD's CVSS score (https://nvd.nist.gov/vuln/detail/CVE-2019-11815) claims the vulnerability is network accessible (which is the basis for a couple of the news articles going around), but e.g. SUSE considers it local access only (see https://www.suse.com/security/cve/CVE-2019-11815/).

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → Medium
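The two conditions this thread turns on, a kernel carrying the fix and RDS autoload being switched off, can be checked on a host with the script below. It is an added example, not part of the bug report or of Ubuntu's tooling; it assumes a POSIX shell with awk, and its version comparison is indicative only, since distribution kernels backport fixes without changing the version string.

```shell
#!/bin/sh
# Added example (not from the bug report): checks whether a host meets the
# two conditions discussed above. Assumes a POSIX shell with awk available.

# kernel_at_least VERSION MINIMUM: succeeds when the dotted VERSION is >=
# MINIMUM, compared field by field; a "-150-generic" style suffix is ignored.
# Caveat: distro kernels backport fixes without bumping the version, so a
# "below" result means "check the vendor changelog", not "vulnerable".
kernel_at_least() {
    awk -v v="$1" -v m="$2" 'BEGIN {
        sub(/[-+].*$/, "", v); split(v, a, "."); split(m, b, ".")
        for (i = 1; i <= 3; i++) {
            x = a[i] + 0; y = b[i] + 0          # missing fields count as 0
            if (x != y) exit (x < y)            # exit 1 (false) when older
        }
        exit 0
    }'
}

# rds_autoload_disabled: reads modprobe.d content on stdin and succeeds when
# the RDS protocol family (PF_RDS = 21) is turned off with the alias line
# quoted in the comment above, so the module is not pulled in when a
# socket() call asks for family 21. Comments and extra whitespace tolerated.
rds_autoload_disabled() {
    grep -Eq '^[[:space:]]*alias[[:space:]]+net-pf-21[[:space:]]+off([[:space:]]|$)'
}

# rds_module_loaded: reads /proc/modules-style text on stdin.
rds_module_loaded() {
    grep -Eq '^rds[[:space:]]'
}

main() {
    k=$(uname -r)
    if kernel_at_least "$k" 5.0.8; then
        echo "kernel $k: at or above 5.0.8 (first mainline release with the fix)"
    else
        echo "kernel $k: below 5.0.8, check the distribution changelog for a backport"
    fi
    if cat /etc/modprobe.d/*.conf 2>/dev/null | rds_autoload_disabled; then
        echo "RDS autoload disabled via 'alias net-pf-21 off'"
    else
        echo "RDS autoload NOT disabled in /etc/modprobe.d"
    fi
    if [ -r /proc/modules ] && rds_module_loaded < /proc/modules; then
        echo "rds module is currently loaded"
    fi
}

main
```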