Linux systems running kernels before 5.0.8 require patching after news came of a serious error that could be exploited remotely.
According to the NIST consultancy, CVE-2019-1181 is a racing condition that affects the kernel
net / RDS / tcp.c “Leading to a use-after-free, related to net namespace cleanup.”
The RDS bit refers to systems running the Reliable Datagram Sockets (RDS) for the TCP module, which means that only systems running applications that use this are affected.
The striking part is that this opens unpatched systems for remote compromise and denial of service without the need for system rights or user interaction.
On the other hand, the attack complexity is described as & # 39; high & # 39; and such an attack should be initiated from the local network. That explains why it has received a CVSS 3.0 impact score of 5.9 with an exploitability score of just 2.2.
We get some clues as to the complexity required for exploitation in comments added to Red Hat’s advice that the attacker “needs to manipulate the socket status while a network namespace is being broken.” So, not easy then.
Ubuntu & # 39; s Seth Arnold has added:
I have not yet seen any evidence supporting allegations that this can be abused remotely. The blacklist of the rds.ko module is probably sufficient to prevent the vulnerable code from loading.
Earlier this year, the vulnerability was patched in version 5.0.8, which was released last month. More information about how this affects individual distributions can be found on the advice of Red Hat, Ubuntu, Debian and SUSE.
As with any operating system, Linux and its many modules occasionally suffer from these problems. In January, three errors were found in the controversial system administrator SystemD, not helped by the publication of code to exploit them by a company called Capsule8.
More recently, CVE-2019-5736 arose, an error in something called runC that is used by software such as Docker, Kubernetes, cri-o, and containerd.
. (tagsToTranslate) denial of service (t) linux (t) vulnerability (t) linux (t) race condition (t) reliable datagram sockets
>> Source Link