PT-2019-4448 · Linux+4 · Linux Kernel+4

Salvatore Bonaccorso

·

Published

2018-05-31

·

Updated

2020-08-18

·

CVE-2019-15239

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.9.190 Linux kernel versions prior to 4.14.139
Description The issue is related to a change in the net/ipv4/tcp output.c component of the Linux kernel, which was incorrectly backported to earlier longterm kernels. This introduced a new vulnerability that can be exploited by a local attacker to trigger multiple use-after-free conditions by adding to a write queue between disconnection and re-connection. This can result in a kernel crash or potentially in privilege escalation.
Recommendations For Linux kernel versions prior to 4.9.190, update to version 4.9.190 or later to resolve the issue. For Linux kernel versions prior to 4.14.139, update to version 4.14.139 or later to resolve the issue. As a temporary workaround, consider restricting access to the net/ipv4/tcp output.c component to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2018-1825
ALT-PU-2018-1919
BDU:2020-00235
CESA-2019_3979
CVE-2019-15239
DLA-1884-1
DSA-4497-1
OPENSUSE-SU-2019:2173-1
OPENSUSE-SU-2019:2181-1
OPENSUSE-SU-2019_2173-1
OPENSUSE-SU-2019_2181-1
RHSA-2019:3978
RHSA-2019:3979
RHSA-2019_3978
RHSA-2019_3979
RHSA-2020:0027
SUSE-SU-2019:2412-1
SUSE-SU-2019:2414-1
SUSE-SU-2019:2424-1
SUSE-SU-2019:2648-1
SUSE-SU-2019:2651-1
SUSE-SU-2019:2658-1
SUSE-SU-2019:2738-1
SUSE-SU-2019:2756-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:3215-1
SUSE-SU-2019:3228-1
SUSE-SU-2019:3230-1
SUSE-SU-2019:3249-1
SUSE-SU-2019:3258-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse