Vulnerability in Linux kernel allows remote code execution

May 14, 2019

Linux systems running kernel versions prior to 5.0.8 are affected by CVE-2019-11815, a race condition that leads to a use-after-free and could be exploited by hackers to achieve remote code execution. The race condition resides in rds_tcp_kill_sock in net/rds/tcp.c, part of the kernel's TCP/IP implementation; attackers can trigger it to cause a denial-of-service (DoS) condition and to execute code remotely on vulnerable Linux machines. The vulnerability could be exploited by sending specially crafted TCP packets to vulnerable Linux systems. The Linux kernel development team released a security patch addressing the flaw at the end of March, and the vulnerability was completely fixed with the release of Linux kernel 5.0.8.
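For triage, the two facts above (upstream fix in 5.0.8, bug in the RDS-over-TCP code) can be turned into a quick host check. This is an added example, not part of the original article or the kernel project: the function names and the sample module listing are constructed, and rds_tcp is assumed to be the module built from net/rds/tcp.c. Distribution kernels often carry backported fixes, so a result of "review" means check the distribution advisory, not that the host is confirmed vulnerable.

```shell
#!/bin/sh
# Added example: triage helper for CVE-2019-11815 (not from the original article).

FIXED_VERSION="5.0.8"   # first upstream release with the complete fix, per the article

# Constructed sample in /proc/modules format, used for offline testing.
SAMPLE_MODULES='rds_tcp 28672 0 - Live 0x0000000000000000
rds 167936 1 rds_tcp, Live 0x0000000000000000
ext4 745472 1 - Live 0x0000000000000000'

# Return 0 if kernel release $1 (e.g. "4.19.0-5-amd64") is older than version $2.
kernel_older_than() {
    a=${1%%[!0-9.]*}            # drop distro suffix such as "-5-amd64"
    b=$2
    for i in 1 2 3; do          # compare major, minor, patch numerically
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 1                    # equal versions are not "older"
}

# Return 0 if module $1 is the first field of a line in /proc/modules-style text $2.
module_listed() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Print a triage label for kernel release $1 and module listing $2.
assess() {
    if ! kernel_older_than "$1" "$FIXED_VERSION"; then
        echo "not-older-than-fix"
    elif module_listed rds_tcp "$2"; then
        echo "review-rds_tcp-loaded"
    else
        echo "review-rds_tcp-not-loaded"
    fi
}

# Live check on the current host (empty module list if /proc/modules is unreadable).
assess "$(uname -r)" "$(cat /proc/modules 2>/dev/null)"
```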

Below are the security advisories published by the major Linux distributions:
Debian
Red Hat
SUSE
Ubuntu