Linux kernel versions up to 5.0.8 are vulnerable to remote code execution




Exploiting the vulnerability requires neither authorization nor user involvement.

Linux distributions with a kernel version up to 5.0.8 are vulnerable to a race condition that can lead to a use-after-free.

The problem affects rds_tcp_kill_sock in net/rds/tcp.c, part of the TCP/IP implementation, and allows an attacker to cause a denial of service or remotely execute code on a vulnerable Linux machine. The vulnerability can be exploited by sending specially crafted TCP packets to vulnerable systems, which can trigger a use-after-free error. Neither authorization nor user participation is required to launch an attack.

The vulnerability has been assigned the identifier CVE-2019-11815 (for Red Hat, Ubuntu, SUSE and Debian). According to CVSS 3.0, a potential attacker can use it to access all resources, modify any files and block access to resources.

Patches for the vulnerability were released during March of this year. The problem is fixed in Linux kernel version 5.0.8, released on April 17th.
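A host triage check for the details above, as an added example that is not part of the original article: it compares a kernel release string against 5.0.8 and looks for the module built from net/rds/tcp.c. The function names and status words are hypothetical, and the module name `rds_tcp` and the `/proc/modules` lookup are assumptions not stated in the article.

```shell
#!/bin/sh
# Added example: CVE-2019-11815 triage for one host (not from the article).
FIXED="5.0.8"   # release the article names as containing the fix

# Print "major minor patch" for a release string such as "4.15.0-47-generic".
parse_release() {
    base=${1%%[-+]*}                 # drop suffixes like "-47-generic"
    old_ifs=$IFS; IFS=.
    set -- $base                     # split on dots
    IFS=$old_ifs
    for f in "${1:-0}" "${2:-0}" "${3:-0}"; do
        case $f in ''|*[!0-9]*) f=0 ;; esac   # non-numeric field counts as 0
        printf '%s ' "$f"
    done
}

# Succeed when release $1 is older than release $2.
release_older_than() {
    set -- $(parse_release "$1") $(parse_release "$2")
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Succeed when rds_tcp is listed in a /proc/modules-format file.
# Assumption: the module is loadable; a built-in (=y) build is not listed there.
rds_tcp_loaded() {
    [ -r "$1" ] && grep -q '^rds_tcp ' "$1"
}

# Print one status word for release $1 and modules file $2.
triage() {
    if ! release_older_than "$1" "$FIXED"; then
        echo "fixed-by-version"
    elif rds_tcp_loaded "$2"; then
        echo "review-now"        # old version string and module loaded
    else
        echo "review-later"      # old version string, module not loaded
    fi
}

# Live host; distribution kernels may carry a backported fix under an older
# version string, so "review-*" means check the vendor advisory for the CVE.
triage "$(uname -r)" /proc/modules
```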



Securitylab.ru