[PATCH 0/1][B] Fix for CVE-2019-11815o

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Jun 4 06:47:09 UTC 2019


> An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux
> kernel before 5.0.8. There is a race condition leading to a use-after-free,
> related to net namespace cleanup.
-- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11815.html

While the RDS protocol is blacklisted by default in Ubuntu this may be still
useful for people using the module manually, especially in container
environments where some should be able to use it without security implications
for others or even the host. But still, priority for this is low, as the note
in the Ubuntu CVE link above, IMO, correctly argues.

Clean cherry pick, build and boot tested on amd64.

Regression potential: Low. This patch touches a by default blacklisted module
only, so all those not manually loading, or removing the default blacklist,
cannot run into regressions. Further, upstream has taken this in over two
months ago with no report of breakage regarding this, AFAIS.

Mao Wenan (1):
  net: rds: force to destroy connection if t_sock is NULL in
    rds_tcp_kill_sock().

 net/rds/tcp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.20.1





More information about the kernel-team mailing list