Bug#928989: linux-image-4.19.0-4-amd64: CVE-2019-11815
Package: src:linux
Version: 4.19.28-2
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8.
There is a race condition leading to a use-after-free, related to net namespace cleanup.
the security-tracker is tracking this issue but there does not seem to be a bug report for it
https://security-tracker.debian.org/tracker/CVE-2019-11815
Fixed by: https://git.kernel.org/linus/cb66ddd156203daefb8d71158036b27b0e2caf63
currently affects: buster/testing, stable
currently does not affect: sid
-- Package-specific info:
** Version:
Linux version 4.19.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-2)) #1 SMP Debian 4.19.28-2 (2019-03-15)
** Command line:
BOOT_IMAGE=/boot/vmlinuz-4.19.0-4-amd64 root=UUID=6fa86bad-c261-44db-8fc0-f7bd76dc2be3 ro quiet
** Not tainted
** Kernel log:
Unable to read kernel log; any relevant messages should be attached
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages linux-image-4.19.0-4-amd64 depends on:
ii initramfs-tools [linux-initramfs-tool] 0.133
ii kmod 26-1
ii linux-base 4.5
Versions of packages linux-image-4.19.0-4-amd64 recommends:
ii apparmor 2.13.2-10
ii firmware-linux-free 3.4
ii irqbalance 1.5.0-3
Versions of packages linux-image-4.19.0-4-amd64 suggests:
ii debian-kernel-handbook 1.0.19
ii grub-pc 2.02+dfsg1-16
pn linux-doc-4.19 <none>
Versions of packages linux-image-4.19.0-4-amd64 is related to:
pn firmware-amd-graphics <none>
pn firmware-atheros <none>
pn firmware-bnx2 <none>
pn firmware-bnx2x <none>
pn firmware-brcm80211 <none>
pn firmware-cavium <none>
pn firmware-intel-sound <none>
pn firmware-intelwimax <none>
pn firmware-ipw2x00 <none>
pn firmware-ivtv <none>
pn firmware-iwlwifi <none>
pn firmware-libertas <none>
pn firmware-linux-nonfree <none>
pn firmware-misc-nonfree <none>
pn firmware-myricom <none>
pn firmware-netxen <none>
pn firmware-qlogic <none>
pn firmware-realtek <none>
pn firmware-samsung <none>
pn firmware-siano <none>
pn firmware-ti-connectivity <none>
pn xen-hypervisor <none>
-- debconf-show failed
Reply to: