Linux systems based on kernel versions prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free that could be exploited by hackers to get remote code execution.
Attackers can trigger the race condition issue that resides in the rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to cause a denial-of-service (DoS) condition and to execute code remotely on vulnerable Linux machines.
The vulnerability could be exploited by sending specially crafted TCP packets to vulnerable Linux systems.
The vulnerability tracked as CVE-2019-11815 received a CVSS v3.0 base score of 8.1, it could be abused by unauthenticated attackers without user interaction.
Anyway, the NIST assigned to the vulnerability an exploitability score of 2.2 and an impact score of 5.9 because it is difficult to exploit.
“An issue was discovered in rds_tcp_kill_sock in net/rds/
The exploitation of the flaw could allow attackers to access resources, modify any files, and deny access to resources.
The development team of Linux kernel already released a security patch that addressed the CVE-2019-11815 flaw at the end of March. The vulnerability was completely fixed with the release of Linux kernel 5.0.8 version.
Below the security advisories published by the major Linux distributions:
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.