CVE-2019-15239
kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.
En el kernel de Linux, un cierto cambio del archivo net/ipv4/tcp_output.c, que fue incorporado apropiadamente en versión 4.16.12, fue respaldado incorrectamente en los primeros kernels a largo plazo, introduciendo una nueva vulnerabilidad que era potencialmente más severa que el problema que se pretendía solucionar mediante respaldo. Específicamente, añadiendo a una cola de escritura entre la desconexión y la reconexión, un atacante local puede desencadenar múltiples condiciones de uso de la memoria previamente liberada. Esto puede resultar en un bloqueo del kernel, o potencialmente en una escalada de privilegios. NOTA: esto afecta (por ejemplo) a las distribuciones de Linux que usan kernels de versiones 4.9.x a largo plazo anteriores a 4.9.190 o kernels de versiones 4.14.x a largo plazo anteriores a 4.14.139.
A flaw was found in the way the Linux kernel's networking subsystem handled the write queue between TCP disconnection and re-connections. A local attacker could use this flaw to trigger multiple use-after-free conditions potentially escalating their privileges on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-20 CVE Reserved
- 2019-08-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| https://lore.kernel.org/stable/41a61a2f87691d2bc839f26cdfe6f5ff2f51e472.camel%40decadent.org.uk | X_refsource_misc | |
| https://salsa.debian.org/kernel-team/kernel-sec/blob/f6273af2d956a87296b6b60379d0a186c9be4bbc/active/CVE-2019-15239 | Third Party Advisory | |
| https://www.debian.org/security/2019/dsa-4497 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-tcpsocketsuaf | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f582b248d0a86bae5788c548d7bb5bca6f7691a | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16.12 Search vendor "Linux" for product "Linux Kernel" and version "4.16.12" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||