A large number of Linux-based systems are likely vulnerable due to a high-impact race condition flaw that was found in the Linux kernel.
Kernel versions prior to 5.0.8 are affected by this vulnerability (CVE-2019-11815), which resides in net/rds/tcp.c. “There is a race condition leading to a use-after-free [UAF],” according to the CVE description.
The vulnerability could be exploited by sending specially crafted TCP packets to vulnerable Linux systems.
Attackers can trigger the race condition issue to cause a denial-of-service (DoS) attack and to execute code remotely on vulnerable Linux machines. The exploitation of the flaw could allow attackers to access resources, modify any files, and deny access to resources.
NIST assigned the vulnerability an exploitability score of 2.2 and an impact score of 5.9 because it is difficult to exploit.
Linux issued a new kernel version on April 17, but the bug itself wasn’t widely reported; now, distributions like Debian, Red Hat, SUSE and Ubuntu have issued updates in the last week.
It is recommended that you update as soon as possible.
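
To triage a host against the two facts given above (kernels prior to 5.0.8 are affected, and the flaw resides in net/rds/tcp.c), the following added example, which is not part of the original article, compares the running kernel's upstream version with 5.0.8 and checks whether the RDS-over-TCP module is loaded. It assumes that code is built as the `rds_tcp` kernel module; the function names are illustrative. Distribution kernels frequently carry backported fixes under an older version number, so the version comparison is a first pass and the distribution's advisory remains authoritative.

```shell
#!/bin/sh
# Added example: first-pass exposure check for CVE-2019-11815.
FIXED="5.0.8"   # from the article: kernel versions prior to 5.0.8 are affected

# Reduce a release string to its upstream x.y.z part,
# e.g. "4.15.0-50-generic" -> "4.15.0", "4.19" -> "4.19.0".
base_version() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*//' |
        awk -F. '{ printf "%d.%d.%d\n", $1, $2, $3 }'
}

# True if the upstream version of $1 is lower than FIXED.
# Fields are compared numerically, so 5.0.10 is not treated as older than 5.0.8.
kernel_predates_fix() {
    v=$(base_version "$1")
    f=$(base_version "$FIXED")
    [ "$v" != "$f" ] &&
    [ "$(printf '%s\n%s\n' "$v" "$f" |
         sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$v" ]
}

# True if rds_tcp appears as a loaded module in a /proc/modules-format file.
# Assumption: net/rds/tcp.c is built as the rds_tcp module on this kernel.
rds_tcp_loaded() {
    awk '$1 == "rds_tcp" { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}" 2>/dev/null
}

# $1 = kernel release string, $2 = modules file. Prints one verdict word.
assess() {
    if ! kernel_predates_fix "$1"; then
        echo "version-not-affected"
    elif rds_tcp_loaded "$2"; then
        echo "version-affected-rds_tcp-loaded"
    else
        echo "version-affected-rds_tcp-not-loaded"
    fi
}

# Check the local host.
assess "$(uname -r)" /proc/modules
```
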