[SingCERT] Advisory on Remote Code Execution Vulnerability (CVE-2019-11815) in Linux Operating System

Published on 15 May 2019

Updated on 23 Oct 2019

Background

A Remote Code Execution (RCE) vulnerability (CVE-2019-11815) was found in the Linux kernel, the central part of its operating system (OS). The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 8.1, with high impact on confidentiality, integrity, and availability.

An unauthenticated attacker could exploit this RCE flaw by sending network packets with malicious payloads to a vulnerable Linux machine, tricking it into running the arbitrary code. The attacker can also trigger a Denial of Service condition on the OS.

Affected Software

Linux kernel versions before 5.0.8

Impact

Successful exploitation of this vulnerability could lead to a full compromise of the system, allowing an attacker to perform malicious activities such as the unauthorised installation of programs, creation of rogue administrator accounts, and alteration and theft of data.

Recommendations

Affected users and system administrators of Debian, Ubuntu, and other Linux distributions are advised to download and install the security updates immediately.

To update the Linux kernel:

  1. Check your current Kernel version. At a terminal window, type: uname –sr
  2. Update the repositories. At the terminal, type: sudo apt-get update
  3. Run the upgrade. While still in the terminal, type: sudo apt-get dist-upgrade
 

References

https://www.bleepingcomputer.com/news/security/linux-kernel-prior-to-508-vulnerable-to-remote-code-execution/
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11815.html