Home / Linux / Severe Linux kernel flaw found in RDS – Naked Security

Severe Linux kernel flaw found in RDS – Naked Security

Linux systems running kernels prior to 5.0.8 require patching after news emerged of a high-severity flaw that could be remotely exploited.

According to the NIST advisory, CVE-2019-1181 is a race condition affecting the kernel’s rds_tcp_kill_sock in net/rds/tcp.c “leading to a use-after-free, related to net namespace cleanup.”

The RDS bit refers to systems running the Reliable Datagram Sockets (RDS) for the TCP module, which means only systems that run applications using this are affected.

The attention-grabbing part is that this opens unpatched systems to remote compromise and denial of service without the need for system privileges or user interaction.

On the other hand, the attack complexity is described as ‘high’, and any such attack would need to be launched from the local network. That explains why it’s been given a CVSS 3.0 impact score of 5.9 with an exploitability score of only 2.2.

We get some clues to the complexity required for exploitation in comments added to Red Hat’s advisory, which states that it requires the attacker to “manipulate socket state while a network namespace is being torn down.” So, not easy then.