Ganesh Lakariya

CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel

May 27, 2019

Red Hat engineers and experts discovered a memory corruption vulnerability in the Linux kernel: a flaw in the implementation of RDS (Reliable Datagram Sockets) over TCP. The flaw affects Red Hat, Ubuntu, Debian and SUSE, and security advisories have been issued for all of them.

This flaw could enable an attacker to compromise a system, and it could be exploited by a remote attacker over the network with no privileges required. No user interaction is required either.

Successful exploitation could:

  • Allow unauthorized disclosure of information
  • Allow unauthorized modification
  • Allow disruption of service

These could trigger a DoS (Denial of Service) condition.

The vulnerability, tracked as CVE-2019-11815, could lead to privilege escalation. It only affects Linux kernels prior to 5.0.8 that use the Reliable Datagram Sockets (RDS) for TCP module.

“According to security experts a system that has the rds_tcp kernel module loaded either manually or automatically by a local process, could potentially allow an attacker to manipulate the socket state based on a Use-After-Free (UAF) condition, trigger the memory corruption and privilege escalation on the target system”, reads the security advisory published by the NIST.

Previous similar vulnerabilities:

  1. MiTM vulnerabilities leading to code execution patched in APT
    In January, a code execution flaw affecting the APT high-level package manager was disclosed. It was described as a ‘content injection in http method’ and tracked as CVE-2019-3462, and it leads to a man-in-the-middle attack. An attacker could execute code with root privileges on the victim’s system.

  2. A similar issue was discovered by Google Project Zero’s Jann Horn in December 2016 and was later patched.

What should you do?

The problem has been patched in version 5.0.8 of the Linux kernel, so users can upgrade to a later kernel version.

If you can’t upgrade, or if you don’t want to deal with kernel compilations and dependencies, you may blacklist the “rds.ko” module.

Note: Right now, there are no known cases of exploitation, and security experts consider this vulnerability very complicated to exploit. Even so, admins and users should upgrade their Linux kernel version, as this is the only preventive step.
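
The following is an added example, not code from the original article or from the vendor advisories. It checks a host against the two points above: the kernel release versus 5.0.8, and whether the rds / rds_tcp modules are loaded or blocked in modprobe configuration. The function names and the default /etc/modprobe.d path are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2019-11815 exposure (names are hypothetical).
# 5.0.8 is the fixed upstream version per the article. Distribution kernels may
# carry a backported fix under an older version string, so an "older" result
# means "check the vendor advisory", not proof of exposure.
FIXED="5.0.8"

# kernel_is_affected RELEASE -> exit 0 if RELEASE is older than $FIXED
kernel_is_affected() {
    # Drop the distro suffix: "4.15.0-50-generic" -> "4.15.0"
    ver=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')
    [ "$ver" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$ver" ]
}

# rds_loaded [FILE] -> print loaded RDS modules (FILE is in /proc/modules format)
rds_loaded() {
    awk '$1 == "rds" || $1 == "rds_tcp" { print $1 }' "${1:-/proc/modules}" 2>/dev/null
}

# rds_blocked MODULE [DIR] -> exit 0 if a modprobe.d file blocks MODULE.
# "blacklist" only stops alias-based autoloading; an "install MODULE /bin/false"
# (or /bin/true) line also stops an explicit modprobe from loading it.
rds_blocked() {
    dir=${2:-/etc/modprobe.d}
    grep -Eqs "^[[:space:]]*(blacklist[[:space:]]+$1|install[[:space:]]+$1[[:space:]]+/bin/(false|true))[[:space:]]*$" "$dir"/*.conf
}

report() {
    rel=${1:-$(uname -r)}
    if kernel_is_affected "$rel"; then
        echo "kernel $rel: older than $FIXED, check vendor advisory for a backport"
    else
        echo "kernel $rel: $FIXED or later"
    fi
    for m in rds rds_tcp; do
        if rds_loaded | grep -qx "$m"; then state="loaded"; else state="not loaded"; fi
        if rds_blocked "$m"; then cfg="blocked"; else cfg="not blocked"; fi
        echo "module $m: $state, $cfg in modprobe.d"
    done
}

report
```

A module reported as loaded but blocked was loaded before the configuration took effect and stays resident until it is unloaded or the host reboots.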

 

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2019-11815

https://access.redhat.com/security/cve/cve-2019-11815

 

 

Analysis by:

Swapnil Nigade and Ganesh Lakariya (Security Labs-QA)
