Linux machines running distributions powered by kernels prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks.
Potential attackers could exploit the security flaw found in the Linux kernel's rds_tcp_kill_sock TCP/IP implementation in net/rds/tcp.c to trigger denial-of-service (DoS) states and to execute code remotely on vulnerable Linux machines.
The attacks can be launched with the help of specially crafted TCP packets sent to vulnerable Linux boxes, which can trigger use-after-free errors and enable the attackers to execute arbitrary code on the target system.
The remotely exploitable vulnerability has been assigned an 8.1 high severity base score by NIST's NVD. It is being tracked as CVE-2019-11815 (Red Hat, Ubuntu, SUSE, and Debian) and could be abused by unauthenticated attackers without interaction from the user.
Luckily, because the attack complexity is high, the vulnerability received an exploitability score of 2.2, while the impact score is limited to 5.9.
According to the CVSS 3.0 impact metrics, the CVE-2019-11815 flaw comes with high confidentiality, integrity, and availability impact, which makes it possible for would-be attackers to gain access to all resources, modify an ..
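The scores quoted above can be reproduced from the metrics the article names. The following is an added example, not part of the original article: it applies the CVSS v3.0 base-score formulas to a vector reconstructed from the text (network attack, high complexity, no privileges, no user interaction, high C/I/A), with Scope Unchanged as an assumption, and shows how the score would change if attack complexity were low.

```python
import math

# Metric weights from the CVSS v3.0 specification (Scope Unchanged values only).
W = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "PR": {"N": 0.85, "L": 0.62, "H": 0.27},
    "UI": {"N": 0.85, "R": 0.62},
    "CIA": {"H": 0.56, "L": 0.22, "N": 0.0},
}

# Vector reconstructed from the article's wording: remote, high complexity,
# unauthenticated, no user interaction, high C/I/A. S:U is an assumption.
VECTOR = "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"


def roundup(x):
    """Smallest one-decimal value >= x, as the specification defines Roundup."""
    return math.ceil(round(x * 10, 6)) / 10


def score(vector):
    """Return (base, exploitability, impact) for a Scope Unchanged v3.0 vector."""
    prefix, *parts = vector.split("/")
    if prefix != "CVSS:3.0":
        raise ValueError("not a CVSS v3.0 vector")
    m = dict(p.split(":") for p in parts)
    if m.get("S") != "U":
        raise ValueError("only Scope Unchanged is handled in this example")
    # Exploitability = 8.22 x AV x AC x PR x UI
    expl = 8.22 * W["AV"][m["AV"]] * W["AC"][m["AC"]] * W["PR"][m["PR"]] * W["UI"][m["UI"]]
    # Impact sub-score: ISS = 1 - (1-C)(1-I)(1-A); Impact = 6.42 x ISS
    iss = 1 - math.prod(1 - W["CIA"][m[k]] for k in ("C", "I", "A"))
    impact = 6.42 * iss
    base = roundup(min(impact + expl, 10)) if impact > 0 else 0.0
    # Sub-scores are shown rounded to one decimal, as in the article.
    return base, round(expl, 1), round(impact, 1)


if __name__ == "__main__":
    print("as published (AC:H):", score(VECTOR))
    # Same flaw with low attack complexity, to show what AC:H is worth.
    print("if AC were low:     ", score(VECTOR.replace("AC:H", "AC:L")))
```

With high attack complexity the exploitability term is 2.2; with low complexity it would be 3.9, which moves the base score from 8.1 to 9.8 while the impact term stays at 5.9.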