Linux kernel flaw allows remote execution
Millions of Linux systems could be vulnerable to a high-impact race-condition flaw in the Linux kernel. Kernel versions prior to 5.0.8 are affected by the vulnerability, which exists in the rds_tcp_kill_sock() function in net/rds/tcp.c: a race condition leads to a use-after-free. The kernel project released 5.0.8 on April 17, but the bug itself was not widely reported. Major Linux distributions such as Debian, Red Hat, SUSE and Ubuntu have issued updates in the last week.
A race condition arises when operations that are meant to happen in a fixed order are triggered concurrently, so that one operation runs before another has finished. In the window that opens, an attacker-controlled operation can be slipped in. Attackers could trigger this bug by sending specially crafted TCP packets remotely, producing a use-after-free (UAF) during network namespace cleanup. A UAF is a class of memory-corruption flaw in which memory is accessed after it has been freed; it can crash the system or let an attacker execute arbitrary code.
A NIST National Vulnerability Database write-up on the flaw says that an attacker could exploit the bug without elevated privileges, without authentication and with no user interaction. Nonetheless, the vulnerability is considered difficult to exploit: its CVSS v3.0 exploitability sub-score is only 2.2, while the overall base score is 8.1. Linux and the distributions rate the flaw's impact anywhere from moderate to high.
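For a defender, the first question is whether a given host is running a kernel older than 5.0.8 and whether the affected RDS-over-TCP code is even loaded. The following Python script is an added example, not code from the article or from the kernel project; it parses a `uname -r` string and the contents of `/proc/modules`, and it assumes (my assumption, not stated on the page) that net/rds/tcp.c builds into a module named `rds_tcp`. The verdict is deliberately "possibly affected" rather than "vulnerable", because stable-branch and distribution kernels backport fixes without changing the upstream version number, so the vendor advisory or package changelog remains the authoritative source.

```python
import re
from typing import Optional, Tuple

# First mainline release that the article says carries the fix.
FIXED_UPSTREAM = (5, 0, 8)

# Kernel module built from net/rds/tcp.c (assumption: standard module name).
RDS_TCP_MODULE = "rds_tcp"


def parse_kernel_release(release: str) -> Optional[Tuple[int, int, int]]:
    """Turn a `uname -r` string such as '4.19.0-5-amd64' or '5.0.7'
    into a (major, minor, patch) tuple; return None if it does not parse."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def upstream_version_below_fix(release: str) -> Optional[bool]:
    """True if the numeric version is older than 5.0.8, False if at or above,
    None if the release string cannot be parsed."""
    v = parse_kernel_release(release)
    return None if v is None else v < FIXED_UPSTREAM


def rds_tcp_loaded(proc_modules_text: str) -> bool:
    """Scan /proc/modules content for the rds_tcp module (first column is the name)."""
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if fields and fields[0] == RDS_TCP_MODULE:
            return True
    return False


def assess(release: str, proc_modules_text: str) -> str:
    """Combine both checks into a triage verdict. A version older than 5.0.8 is
    only *possibly* affected: distributions backport fixes without bumping the
    upstream version, so the vendor advisory decides."""
    below = upstream_version_below_fix(release)
    loaded = rds_tcp_loaded(proc_modules_text)
    if below is None:
        return "unknown: could not parse kernel release"
    if not below:
        return "fixed upstream: version >= 5.0.8"
    if loaded:
        return "possibly affected, rds_tcp loaded: confirm with vendor advisory and patch"
    return "possibly affected, rds_tcp not loaded: confirm with vendor advisory"


# Constructed sample inputs (not captured from a real host).
SAMPLE_RELEASE = "5.0.7-050007-generic"
SAMPLE_PROC_MODULES = """\
rds_tcp 28672 0 - Live 0x0000000000000000
rds 81920 1 rds_tcp, Live 0x0000000000000000
ext4 724992 1 - Live 0x0000000000000000
"""

if __name__ == "__main__":
    print(assess(SAMPLE_RELEASE, SAMPLE_PROC_MODULES))
```

To run it against a live host, replace the constructed samples with `platform.release()` and the text read from `/proc/modules`; on an unpatched host where `rds_tcp` is not loaded, preventing the module from autoloading reduces exposure until the vendor kernel update is applied.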
Linux kernel bugs are rare. Last fall, two vulnerabilities were found in the Linux kernel within a week of each other: a cache-invalidation bug that could let attackers gain root privileges on the targeted system, and a local privilege-escalation issue.