A memory corruption flaw recently discovered in the Linux kernel's implementation of RDS over TCP could result in privilege escalation.

The vulnerability, tracked as CVE-2019-11815 and carrying a CVSS base score of 8.1, affects Linux kernels before 5.0.8, but only on systems that use the Reliable Datagram Sockets (RDS) over TCP module (rds_tcp).

A NIST advisory describes the issue as a race condition in the kernel's rds_tcp_kill_sock function in net/rds/tcp.c. The advisory states that the bug results in a use-after-free associated with network namespace cleanup.

“A system that has the rds_tcp kernel module loaded (either through autoload via local process running listen(), or manual loading) could possibly cause a use after free (UAF) in which an attacker who is able to manipulate socket state while a network namespace is being torn down,” the Red Hat advisory on this bug reads.

The flaw is ostensibly exploitable over the network and requires no privileges or user interaction, although the attack complexity is rated high. An attacker could abuse the issue to gain access to restricted information or cause a denial of service.

Seth Arnold of Ubuntu's security team says that, although the bug is described as remotely exploitable, there appears to be no evidence to support that.

“Blacklisting rds.ko module is probably sufficient to prevent the vulnerable code from loading. The default configuration of the kmod package has included RDS in /etc/modprobe.d/blacklist-rare-network.conf since 14.04 LTS,” he notes.
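The mitigation Arnold describes, keeping the RDS module from loading, can be audited on a host with the following shell script. It is an added example and is not part of the article or of any vendor advisory; it assumes the /proc/modules line format and the modprobe.d directive syntax, and the default paths it reads can be overridden with arguments (which is also how it can be tested against constructed files).

```shell
#!/bin/sh
# Added example (not from the article or any vendor advisory): audit whether the
# RDS kernel modules are loaded and whether modprobe configuration blocks them.
# Arguments override the live-system paths so the checks can run on sample files.

# Returns 0 if an RDS module (rds, rds_tcp, rds_rdma) appears in the given
# modules table. /proc/modules lines look like: "name size refcount deps state addr".
rds_loaded() {
    modules_file="${1:-/proc/modules}"
    [ -r "$modules_file" ] || return 1
    awk '$1 == "rds" || $1 == "rds_tcp" || $1 == "rds_rdma" { found = 1 }
         END { exit !found }' "$modules_file"
}

# Returns 0 if any *.conf file under the modprobe directory carries a
# "blacklist rds" directive or an "install rds /bin/false|true" override.
rds_blacklisted() {
    modprobe_dir="${1:-/etc/modprobe.d}"
    [ -d "$modprobe_dir" ] || return 1
    grep -Eqs '^[[:space:]]*(blacklist[[:space:]]+rds([[:space:]]|$)|install[[:space:]]+rds[[:space:]]+/bin/(false|true))' \
        "$modprobe_dir"/*.conf
}

# Prints a one-line verdict. Exit status: 0 = module not loaded,
# 1 = loaded and not blocked, 2 = loaded now but blocked from reloading.
rds_audit() {
    modules_file="${1:-/proc/modules}"
    modprobe_dir="${2:-/etc/modprobe.d}"
    if rds_loaded "$modules_file"; then
        if rds_blacklisted "$modprobe_dir"; then
            echo "rds is loaded now; the blacklist only prevents future loads (unload it or reboot)"
            return 2
        fi
        echo "rds is loaded and not blacklisted: vulnerable code is reachable on kernels before 5.0.8"
        return 1
    fi
    if rds_blacklisted "$modprobe_dir"; then
        echo "rds is not loaded and is blacklisted"
    else
        echo "rds is not loaded but could be autoloaded: add a blacklist entry under $modprobe_dir"
    fi
    return 0
}

# Run against the live system when executed directly.
[ "${RDS_AUDIT_NO_MAIN:-}" ] || rds_audit
```

A plain `blacklist rds` line stops the module from being pulled in through its aliases (the autoload path the Red Hat advisory mentions), but root can still load it explicitly with modprobe; an `install rds /bin/false` line also defeats that, which is why the check accepts either form. A module that is already resident is not affected by either directive, hence the separate exit status.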

SUSE also notes that the attack vector is local and considers that the flaw's base severity score should be lower (6.4). Debian has issued an advisory as well.
