Linux Kernel Can Be Exploited Remotely; Kernel Prior To 5.0.8 Affected. We keep coming across various security loopholes in different software on a daily basis, but it rarely happens that Linux kernel gets crippled by a high-impact flaw. However, things are looking a bit different today as millions of Linux systems have been found to be affected by a massive flaw.

It’s being reported that the kernel versions prior to 5.0.8 are affected by a race condition vulnerability. For those who aren’t aware, race condition attacks take place when a system designed to perform tasks in a particular sequence is made to perform two or more operations simultaneously. During this state, interference could be caused by a trusted/untrusted process.

In the case of Linux kernels prior to 5.0.8, the race condition flaw was discovered in rds_tcp_kill_sock in net/rds/tcp.c. “There is a race condition leading to a use-after-free, related to net namespace cleanup,” mentions the CVE description of the flaw.

Linux Kernel Can Be Exploited Remotely; Kernel Prior To 5.0.8 Affected

Linux Kernel Can Be Exploited Remotely; Kernel Prior To 5.0.8 Affected

It’s worth noting that on the NIST database, this CVE-2019-11815 vulnerability is listed with a high impact score of 5.9. However, as this flaw is difficult to exploit, it’s been given a low exploitability score of 2.2; the overall base score is 8.1.

For further information, you can also refer to the security advisories from different Linux distributions: DebianRed HatSUSEUbuntu.

Hackers can launch attacks on Linux machines using specially created TCP packets to execute arbitrary code.

It’s worth noting that the flaw has already been fixed during late-March with the release of Linux kernel 5.0.8. So, you’re advised to update your kernel as soon as possible and install the patch.


Related Videos:

Related Posts:

Cybersecurity burnout: 10 most stressful parts of the job(Opens in a new browser tab)

B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers(Opens in a new browser tab)

Who is this Android App Development course for?(Opens in a new browser tab)

Microsoft is building the full Linux kernel into Windows 10 as a way to pry developers away from their Apple MacBooks(Opens in a new browser tab)

It’s Almost Impossible to Tell if Your iPhone Has Been Hacked(Opens in a new browser tab)

Critical flaw allows attackers to take over Cisco Elastic Services Controllers(Opens in a new browser tab)

Python 3 Object Oriented Programming(Opens in a new browser tab)

WhatsApp hacked after attackers install spyware on people’s phone(Opens in a new browser tab)

Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution(Opens in a new browser tab)

Learn about JavaScript IF STATEMENTS(Opens in a new browser tab)

Learn about JavaScript ELSE STATEMENTS(Opens in a new browser tab)

Windows 10 gets Arch Linux, one of the trickiest distros around(Opens in a new browser tab)

Introduction to JavaScript – Variables: String Interpolation(Opens in a new browser tab)

CODING WITH CSS: The style attribute(Opens in a new browser tab)

Introduction to JavaScript – Control Flow: if/else Statements(Opens in a new browser tab)

Introduction to JavaScript – Variables: String Interpolation II(Opens in a new browser tab)

Fake Google reCAPTCHA used to hide Android banking malware(Opens in a new browser tab)

How to make a Go-Back Input button with inline JavaScript(Opens in a new browser tab)

Privacy commissioner investigating security of patient health records at Alberta Health Services(Opens in a new browser tab)

GitHub’s and more best FREE guides for Python developers(Opens in a new browser tab)

Hackers Have Just Put 620 Million Accounts Up For Sale On The Dark Web — Are You On The List?(Opens in a new browser tab)

Kodi-04-2019 No Limits Wizard Magic Build for Kodi 18 Leia(Opens in a new browser tab)

What is the Python Software Foundation?(Opens in a new browser tab)