Linux machines running distributions powered by kernels prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks.
Potential attackers could exploit the security flaw found in Linux kernel's rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to trigger denial-of-service (DoS) states and to execute code remotely on vulnerable Linux machines.
The attacks can be launched with the help of specially crafted TCP packets sent to vulnerable Linux boxes which can trigger use-after-free errors and enable the attackers to execute arbitrary code on the target system.
The remotely exploitable vulnerability has been assigned an 8.1 high severity base score by NIST's NVD. It is being tracked as CVE-2019-11815 (Red Hat, Ubuntu, SUSE, and Debian) and could be abused by unauthenticated attackers without interaction from the user.
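A host triage built on the two facts given above (kernels prior to 5.0.8 are affected; the flaw is in net/rds/tcp.c), as an added example that is not part of the original article. It assumes the RDS-over-TCP code is built as a loadable module named `rds_tcp`; the function names and sample module lines are constructed. Distribution kernels backport fixes, so a "review" result means the vendor tracker entry needs checking, not that the host is confirmed exposed.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2019-11815 (names here are illustrative).

FIXED="5.0.8"   # kernels prior to this upstream release are affected

# Turn a release string into a comparable integer.
# Distro suffixes are dropped first: "4.15.0-47-generic" -> "4.15.0".
version_key() {
    v=${1%%[!0-9.]*}
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Succeeds when release string $1 is older than upstream 5.0.8.
kernel_predates_fix() {
    [ "$(version_key "$1")" -lt "$(version_key "$FIXED")" ]
}

# Reads /proc/modules-format text on stdin; succeeds if rds_tcp is listed.
# Assumption: net/rds/tcp.c is built as the module "rds_tcp".
rds_tcp_loaded() {
    grep -q '^rds_tcp '
}

# $1 = kernel release, stdin = module list. Prints one verdict token.
triage() {
    if ! kernel_predates_fix "$1"; then
        echo "upstream-fixed"
    elif rds_tcp_loaded; then
        echo "review-rds_tcp-loaded"       # highest priority for patching
    else
        echo "review-rds_tcp-not-loaded"   # old kernel, module not in use now
    fi
}

# Constructed sample input, not taken from a real host:
printf 'rds_tcp 36864 0 - Live 0x0\nrds 167936 1 rds_tcp, Live 0x0\n' |
    triage "4.15.0-47-generic"

# On a real host: triage "$(uname -r)" < /proc/modules
```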