CVE-2019-11815

CWE-362 — Race Condition CWE-416 — Use After Free22 documents9 sources

Severity

8.1HIGH

EPSS

1.2%

top 21.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Debian Debian Linux +5 more

Timeline

PublishedMay 8

Latest updateMay 24

Description

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages7 packages

▶NVDlinux/linux_kernel4.3 — 4.4.179+5

▶Debianlinux< 4.19.37-1+3

▶NVDopensuse/leap15.0, 15.1, 42.3+2

▶NVDnetapp/vasa_provider

▶NVDnetapp/virtual_storage_console

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.04

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-qw9v-6653-v66g: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp↗2022-05-24

▶

OSV

linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2019-07-23

▶

CVEList

CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp↗2019-05-08

▶

OSV

CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp↗2019-05-08

▶

📋Vendor Advisories

Ubuntu

Linux kernel (AWS) vulnerabilities↗2019-09-02

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2019-07-23

▶

Ubuntu

Linux kernel vulnerabilities↗2019-07-23

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2019-06-07

▶

Ubuntu

Linux kernel vulnerabilities↗2019-06-04

▶