CVE-2019-11815 Detail

Modified: This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.

Severity



CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: 8.1 HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Metrics:

NIST: NVD
Base Score: 9.3 HIGH
Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Weakness Enumeration

CWE-ID: CWE-362
CWE Name: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Source: NIST


Change History

16 change records found

CVE Modified by MITRE 9/02/2019 8:15:15 PM
Added Reference: https://usn.ubuntu.com/4118-1/ [No Types Assigned]

CVE Modified by MITRE 7/29/2019 5:15:11 PM
Added Reference: http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html [No Types Assigned]

CVE Modified by MITRE 7/23/2019 3:15:11 AM
Added Reference: https://usn.ubuntu.com/4068-2/ [No Types Assigned]

CVE Modified by MITRE 7/23/2019 2:15:11 AM
Added Reference: https://usn.ubuntu.com/4068-1/ [No Types Assigned]

CVE Modified by MITRE 7/19/2019 5:15:12 AM
Added Reference: https://security.netapp.com/advisory/ntap-20190719-0003/ [No Types Assigned]

CVE Modified by MITRE 6/18/2019 3:15:11 PM
Added Reference: https://seclists.org/bugtraq/2019/Jun/26 [No Types Assigned]

CVE Modified by MITRE 6/18/2019 10:15:11 AM
Added Reference: https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html [No Types Assigned]

CVE Modified by MITRE 6/17/2019 7:15:12 PM
Added Reference: https://www.debian.org/security/2019/dsa-4465 [No Types Assigned]

CVE Modified by MITRE 6/07/2019 3:29:01 AM
Added Reference: https://usn.ubuntu.com/4008-3/ [No Types Assigned]

CVE Modified by MITRE 6/04/2019 9:29:00 PM
Added Reference: https://usn.ubuntu.com/4005-1/ [No Types Assigned]
Added Reference: https://usn.ubuntu.com/4008-1/ [No Types Assigned]

CVE Modified by MITRE 5/31/2019 8:29:02 AM
Added Reference: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html [No Types Assigned]

CVE Modified by MITRE 5/23/2019 5:29:00 PM
Added Reference: https://support.f5.com/csp/article/K32019083 [No Types Assigned]

CVE Modified by MITRE 5/20/2019 11:29:06 AM
Added Reference: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html [No Types Assigned]

CVE Modified by MITRE 5/16/2019 11:29:01 AM
Added Reference: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html [No Types Assigned]

CVE Modified by MITRE 5/10/2019 3:29:00 AM
Added Reference: http://www.securityfocus.com/bid/108283 [No Types Assigned]

Initial Analysis 5/09/2019 12:42:21 PM
Added CPE Configuration: OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 5.0.8
Added CVSS V2: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Added CVSS V3: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE: CWE-362
Changed Reference Type: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8 (old value: No Types Assigned; new value: Release Notes, Third Party Advisory)
Changed Reference Type: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63 (old value: No Types Assigned; new value: Exploit, Patch, Third Party Advisory)
Changed Reference Type: https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63 (old value: No Types Assigned; new value: Exploit, Patch, Third Party Advisory)



Quick Info

CVE Dictionary Entry: CVE-2019-11815
NVD Published Date: 05/08/2019
NVD Last Modified: 06/07/2019
Source: MITRE

