A memory corruption vulnerability recently found in Linux Kernel’s implementation of RDS over TCP could lead to privilege escalation.
Tracked as CVE-2019-11815 and featuring a CVSS base score of 8.1, the flaw impacts Linux kernels prior to 5.0.8, but only systems that use the Reliable Datagram Sockets (RDS) for the TCP module.
The issue, a NIST advisory reveals, is a race condition that affects the kernel’s rds_tcp_kill_sock in net/rds/tcp.c. The bug leads to a use-after-free, related to net namespace cleanup, the advisory reveals.
“A system that has the rds_tcp kernel module loaded (either through autoload via local process running listen(), or manual loading) could possibly cause a use after free (UAF) in which an attacker who is able to manipulate socket state while a network namespace is being torn down,” the Red Hat advisory on this bug reads.
Apparently, the vulnerability can be exploited over the network and requires no privileges or user interaction, although the complexity of a successful attack is rather high. An attacker could abuse the issue to access restricted information or cause denial of service.
According to Seth Arnold from Ubuntu’s security team, although the bug is said to be remotely exploitable, there doesn’t appear to be evidence to sustain that.
“Blacklisting rds.ko module is probably sufficient to prevent the vulnerable code from loading. The default configuration of the kmod package has included RDS in /etc/modprobe.d/blacklist-rare-network.conf since 14.04 LTS,” he notes.
Suse too notes that the attack vector is local and considers that the vulnerability’s base severity score should be lower (6.4). Debian has issued an advisory as well.
Related: Intel MDS Vulnerabilities: What You Need to Know
Related: DoS Vulnerabilities Impact Linux Kernel
Related: Google Project Zero Discloses New Linux Kernel Flaw
Related: Siemens Warns of Linux, GNU Flaws in Controller Platform

More from Ionut Arghire
- US, Israel Provide Guidance on Securing Remote Access Software
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- KeePass Update Patches Vulnerability Exposing Master Password
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Apple Unveils Upcoming Privacy and Security Features
- Dozens of Malicious Extensions Found in Chrome Web Store
Latest News
- VMware Plugs Critical Flaws in Network Monitoring Product
- Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
- US, Israel Provide Guidance on Securing Remote Access Software
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data
