CVE-2019-11815
Published: 8 May 2019
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
From the Ubuntu Security Team
It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Notes
Author | Note |
---|---|
seth-arnold | I haven't yet seen evidence to support allegations that this is remotely exploitable. Blacklisting rds.ko module is probably sufficient to prevent the vulnerable code from loading. The default configuration of the kmod package has included RDS in /etc/modprobe.d/blacklist-rare-network.conf since 14.04 LTS. I'm dropping priority as a result. |
Priority
Status
Package | Release | Status |
---|---|---|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1047.49)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Released
(5.0.0-1007.7)
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.4.0-1084.94)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(4.18.0-1025.27~18.04.1)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Released
(5.0.0-1008.8)
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.15.0-1051.56)
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.18.0-1025.27~18.04.1)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.15.0-1051.56)
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.15.0-1047.49~16.04.1)
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Ignored
(end of life, was needs-triage)
|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-55.60)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Released
(5.0.0-16.17)
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.4.0-150.176)
|
|
Patches: Introduced by 467fa15356acfb7b2efa38839c3e76caa4e6e0ea |
||
linux-flo Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1037.39)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Released
(5.0.0-1007.7)
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.15.0-1037.39~16.04.1)
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1037.39)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1037.39)
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Ignored
(end of life)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-23.24~18.04.1)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.15.0-55.60~16.04.2)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-16.17~18.04.1)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.15.0-55.60~16.04.2)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1039.39)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Released
(5.0.0-1007.7)
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.4.0-1047.53)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1050.57)
|
cosmic |
Ignored
(end of life)
|
|
disco |
Released
(4.15.0-1050.57)
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1018.20)
|
cosmic |
Ignored
(end of life, was released)
|
|
disco |
Released
(4.15.0-1018.20)
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.15.0-1018.20~16.04.1)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1041.44)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Released
(5.0.0-1009.9)
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.4.0-1110.118)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1058.64)
|
cosmic |
Does not exist
|
|
disco |
Released
(5.0.0-1013.13)
|
|
upstream |
Released
(5.1~rc4)
|
|
xenial |
Released
(4.4.0-1114.119)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.1 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11815
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63
- https://ubuntu.com/security/notices/USN-4005-1
- https://ubuntu.com/security/notices/USN-4008-1
- https://ubuntu.com/security/notices/USN-4008-3
- https://ubuntu.com/security/notices/USN-4068-1
- https://ubuntu.com/security/notices/USN-4068-2
- https://ubuntu.com/security/notices/USN-4118-1
- NVD
- Launchpad
- Debian