All Linux kernels prior to 5.0.8 are vulnerable to a race condition vulnerability which can allow remote code execution.
The vulnerability in the RDS (Reliable Datagram Socket) module can lead to a use after free condition which can be leveraged to achieve remote code execution by sending specially crafted TCP packets to a vulnerable server. CVE-2019-11815 was patched in Linux Kernel 5.0.8 which was issued last month.
While difficult to exploit, the potential impact is significant leading NIST to rate the severity of this vulnerability as High.
System Administrators with affected Linux servers connected to the Internet are advised to promptly implement this patch.
Recent Comments