ID CVE-2019-15239
Summary In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:4.16.12:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 18-08-2020 - 15:05)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
  Vector: LOCAL
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 1762889
    title kernel-rt: update to the RHEL7.7.z batch#3 source tree
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • comment kernel-rt earlier than 0:3.10.0-1062.7.1.rt56.1030.el7 is currently running
          oval oval:com.redhat.rhsa:tst:20193978021
        • comment kernel-rt earlier than 0:3.10.0-1062.7.1.rt56.1030.el7 is set to boot up on next boot
          oval oval:com.redhat.rhsa:tst:20193978022
      • OR
        • AND
          • comment kernel-rt is earlier than 0:3.10.0-1062.7.1.rt56.1030.el7
            oval oval:com.redhat.rhsa:tst:20193978001
          • comment kernel-rt is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727002
        • AND
          • comment kernel-rt-debug is earlier than 0:3.10.0-1062.7.1.rt56.1030.el7
            oval oval:com.redhat.rhsa:tst:20193978003
          • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727004
        • AND
          • comment kernel-rt-debug-devel is earlier than 0:3.10.0-1062.7.1.rt56.1030.el7
            oval oval:com.redhat.rhsa:tst:20193978005
          • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727006
        • AND
          • comment kernel-rt-debug-kvm is earlier than 0:3.10.0-1062.7.1.rt56.1030.el7
            oval oval:com.redhat.rhsa:tst:20193978007
          • comment kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160212008
        • AND
          • comment kernel-rt-devel is earlier than 0:3.10.0-1062.7.1.rt56.1030.el7
            oval oval:com.redhat.rhsa:tst:20193978009
          • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727008
        • AND
          • comment kernel-rt-doc is earlier than 0:3.10.0-1062.7.1.rt56.1030.el7
            oval oval:com.redhat.rhsa:tst:20193978011
          • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727010
        • AND
          • comment kernel-rt-kvm is earlier than 0:3.10.0-1062.7.1.rt56.1030.el7
            oval oval:com.redhat.rhsa:tst:20193978013
          • comment kernel-rt-kvm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160212014
        • AND
          • comment kernel-rt-trace is earlier than 0:3.10.0-1062.7.1.rt56.1030.el7
            oval oval:com.redhat.rhsa:tst:20193978015
          • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727012
        • AND
          • comment kernel-rt-trace-devel is earlier than 0:3.10.0-1062.7.1.rt56.1030.el7
            oval oval:com.redhat.rhsa:tst:20193978017
          • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727014
        • AND
          • comment kernel-rt-trace-kvm is earlier than 0:3.10.0-1062.7.1.rt56.1030.el7
            oval oval:com.redhat.rhsa:tst:20193978019
          • comment kernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160212020
    rhsa
    id RHSA-2019:3978
    released 2019-11-26
    severity Important
    title RHSA-2019:3978: kernel-rt security and bug fix update (Important)
  • bugzilla
    id 1747353
    title CVE-2019-15239 kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • comment kernel earlier than 0:3.10.0-1062.7.1.el7 is currently running
          oval oval:com.redhat.rhsa:tst:20193978021
        • comment kernel earlier than 0:3.10.0-1062.7.1.el7 is set to boot up on next boot
          oval oval:com.redhat.rhsa:tst:20193979034
      • OR
        • AND
          • comment bpftool is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979001
          • comment bpftool is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183083002
        • AND
          • comment kernel is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979003
          • comment kernel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842002
        • AND
          • comment kernel-abi-whitelists is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979005
          • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20131645004
        • AND
          • comment kernel-bootwrapper is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979007
          • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842004
        • AND
          • comment kernel-debug is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979009
          • comment kernel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842006
        • AND
          • comment kernel-debug-devel is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979011
          • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842008
        • AND
          • comment kernel-devel is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979013
          • comment kernel-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842010
        • AND
          • comment kernel-doc is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979015
          • comment kernel-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842012
        • AND
          • comment kernel-headers is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979017
          • comment kernel-headers is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842016
        • AND
          • comment kernel-kdump is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979019
          • comment kernel-kdump is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842018
        • AND
          • comment kernel-kdump-devel is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979021
          • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842020
        • AND
          • comment kernel-tools is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979023
          • comment kernel-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140678022
        • AND
          • comment kernel-tools-libs is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979025
          • comment kernel-tools-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140678024
        • AND
          • comment kernel-tools-libs-devel is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979027
          • comment kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140678026
        • AND
          • comment perf is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979029
          • comment perf is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842022
        • AND
          • comment python-perf is earlier than 0:3.10.0-1062.7.1.el7
            oval oval:com.redhat.rhsa:tst:20193979031
          • comment python-perf is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111530024
    rhsa
    id RHSA-2019:3979
    released 2019-11-26
    severity Important
    title RHSA-2019:3979: kernel security and bug fix update (Important)
  • bugzilla
    id 1747353
    title CVE-2019-15239 kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • OR
            • comment kernel version 0:3.10.0-1062.el7 is currently running
              oval oval:com.redhat.rhsa:tst:20192854012
            • comment kernel version 0:3.10.0-1062.el7 is set to boot up on next boot
              oval oval:com.redhat.rhsa:tst:20200027007
          • AND
            • comment kernel version equals 0:3.10.0-1062.el7
              oval oval:com.redhat.rhsa:tst:20192854008
            • comment kernel is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20100842002
            • OR
              • comment kpatch-patch not installed for 0:3.10.0-1062.el7
                oval oval:com.redhat.rhsa:tst:20192854009
              • AND
                • comment kpatch-patch-3_10_0-1062 is earlier than 0:1-11.el7
                  oval oval:com.redhat.rhsa:tst:20200027004
                • comment kpatch-patch-3_10_0-1062 is signed with Red Hat redhatrelease2 key
                  oval oval:com.redhat.rhsa:tst:20192854011
        • AND
          • OR
            • comment kernel version 0:3.10.0-1062.4.1.el7 is currently running
              oval oval:com.redhat.rhsa:tst:20200027012
            • comment kernel version 0:3.10.0-1062.4.1.el7 is set to boot up on next boot
              oval oval:com.redhat.rhsa:tst:20200027013
          • AND
            • comment kernel version equals 0:3.10.0-1062.4.1.el7
              oval oval:com.redhat.rhsa:tst:20200027008
            • comment kernel is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20100842002
            • OR
              • comment kpatch-patch not installed for 0:3.10.0-1062.4.1.el7
                oval oval:com.redhat.rhsa:tst:20200027009
              • AND
                • comment kpatch-patch-3_10_0-1062_4_1 is earlier than 0:1-6.el7
                  oval oval:com.redhat.rhsa:tst:20200027010
                • comment kpatch-patch-3_10_0-1062_4_1 is signed with Red Hat redhatrelease2 key
                  oval oval:com.redhat.rhsa:tst:20200027011
        • AND
          • OR
            • comment kernel version 0:3.10.0-1062.1.2.el7 is currently running
              oval oval:com.redhat.rhsa:tst:20193076018
            • comment kernel version 0:3.10.0-1062.1.2.el7 is set to boot up on next boot
              oval oval:com.redhat.rhsa:tst:20200027019
          • AND
            • comment kernel version equals 0:3.10.0-1062.1.2.el7
              oval oval:com.redhat.rhsa:tst:20193076014
            • comment kernel is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20100842002
            • OR
              • comment kpatch-patch not installed for 0:3.10.0-1062.1.2.el7
                oval oval:com.redhat.rhsa:tst:20193076015
              • AND
                • comment kpatch-patch-3_10_0-1062_1_2 is earlier than 0:1-9.el7
                  oval oval:com.redhat.rhsa:tst:20200027016
                • comment kpatch-patch-3_10_0-1062_1_2 is signed with Red Hat redhatrelease2 key
                  oval oval:com.redhat.rhsa:tst:20193076017
        • AND
          • OR
            • comment kernel version 0:3.10.0-1062.1.1.el7 is currently running
              oval oval:com.redhat.rhsa:tst:20192854006
            • comment kernel version 0:3.10.0-1062.1.1.el7 is set to boot up on next boot
              oval oval:com.redhat.rhsa:tst:20200027025
          • AND
            • comment kernel version equals 0:3.10.0-1062.1.1.el7
              oval oval:com.redhat.rhsa:tst:20192854001
            • comment kernel is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20100842002
            • OR
              • comment kpatch-patch not installed for 0:3.10.0-1062.1.1.el7
                oval oval:com.redhat.rhsa:tst:20192854003
              • AND
                • comment kpatch-patch-3_10_0-1062_1_1 is earlier than 0:1-10.el7
                  oval oval:com.redhat.rhsa:tst:20200027022
                • comment kpatch-patch-3_10_0-1062_1_1 is signed with Red Hat redhatrelease2 key
                  oval oval:com.redhat.rhsa:tst:20192854005
        • AND
          • OR
            • comment kernel version 0:3.10.0-1062.4.2.el7 is currently running
              oval oval:com.redhat.rhsa:tst:20200027030
            • comment kernel version 0:3.10.0-1062.4.2.el7 is set to boot up on next boot
              oval oval:com.redhat.rhsa:tst:20200027031
          • AND
            • comment kernel version equals 0:3.10.0-1062.4.2.el7
              oval oval:com.redhat.rhsa:tst:20200027026
            • comment kernel is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20100842002
            • OR
              • comment kpatch-patch not installed for 0:3.10.0-1062.4.2.el7
                oval oval:com.redhat.rhsa:tst:20200027027
              • AND
                • comment kpatch-patch-3_10_0-1062_4_2 is earlier than 0:1-3.el7
                  oval oval:com.redhat.rhsa:tst:20200027028
                • comment kpatch-patch-3_10_0-1062_4_2 is signed with Red Hat redhatrelease2 key
                  oval oval:com.redhat.rhsa:tst:20200027029
        • AND
          • OR
            • comment kernel version 0:3.10.0-1062.4.3.el7 is currently running
              oval oval:com.redhat.rhsa:tst:20200027036
            • comment kernel version 0:3.10.0-1062.4.3.el7 is set to boot up on next boot
              oval oval:com.redhat.rhsa:tst:20200027037
          • AND
            • comment kernel version equals 0:3.10.0-1062.4.3.el7
              oval oval:com.redhat.rhsa:tst:20200027032
            • comment kernel is signed with Red Hat redhatrelease2 key
              oval oval:com.redhat.rhsa:tst:20100842002
            • OR
              • comment kpatch-patch not installed for 0:3.10.0-1062.4.3.el7
                oval oval:com.redhat.rhsa:tst:20200027033
              • AND
                • comment kpatch-patch-3_10_0-1062_4_3 is earlier than 0:1-3.el7
                  oval oval:com.redhat.rhsa:tst:20200027034
                • comment kpatch-patch-3_10_0-1062_4_3 is signed with Red Hat redhatrelease2 key
                  oval oval:com.redhat.rhsa:tst:20200027035
    rhsa
    id RHSA-2020:0027
    released 2020-01-06
    severity Important
    title RHSA-2020:0027: kpatch-patch security update (Important)
rpms
  • kernel-rt-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-debug-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-debug-devel-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-debug-kvm-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-debuginfo-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-devel-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-doc-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-kvm-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-trace-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-trace-devel-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-trace-kvm-0:3.10.0-1062.7.1.rt56.1030.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-1062.7.1.rt56.1030.el7
  • bpftool-0:3.10.0-1062.7.1.el7
  • bpftool-debuginfo-0:3.10.0-1062.7.1.el7
  • kernel-0:3.10.0-1062.7.1.el7
  • kernel-abi-whitelists-0:3.10.0-1062.7.1.el7
  • kernel-bootwrapper-0:3.10.0-1062.7.1.el7
  • kernel-debug-0:3.10.0-1062.7.1.el7
  • kernel-debug-debuginfo-0:3.10.0-1062.7.1.el7
  • kernel-debug-devel-0:3.10.0-1062.7.1.el7
  • kernel-debuginfo-0:3.10.0-1062.7.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-1062.7.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-1062.7.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-1062.7.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-1062.7.1.el7
  • kernel-devel-0:3.10.0-1062.7.1.el7
  • kernel-doc-0:3.10.0-1062.7.1.el7
  • kernel-headers-0:3.10.0-1062.7.1.el7
  • kernel-kdump-0:3.10.0-1062.7.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-1062.7.1.el7
  • kernel-kdump-devel-0:3.10.0-1062.7.1.el7
  • kernel-tools-0:3.10.0-1062.7.1.el7
  • kernel-tools-debuginfo-0:3.10.0-1062.7.1.el7
  • kernel-tools-libs-0:3.10.0-1062.7.1.el7
  • kernel-tools-libs-devel-0:3.10.0-1062.7.1.el7
  • perf-0:3.10.0-1062.7.1.el7
  • perf-debuginfo-0:3.10.0-1062.7.1.el7
  • python-perf-0:3.10.0-1062.7.1.el7
  • python-perf-debuginfo-0:3.10.0-1062.7.1.el7
  • kpatch-patch-3_10_0-1062-0:1-11.el7
  • kpatch-patch-3_10_0-1062-debuginfo-0:1-11.el7
  • kpatch-patch-3_10_0-1062_1_1-0:1-10.el7
  • kpatch-patch-3_10_0-1062_1_1-debuginfo-0:1-10.el7
  • kpatch-patch-3_10_0-1062_1_2-0:1-9.el7
  • kpatch-patch-3_10_0-1062_1_2-debuginfo-0:1-9.el7
  • kpatch-patch-3_10_0-1062_4_1-0:1-6.el7
  • kpatch-patch-3_10_0-1062_4_1-debuginfo-0:1-6.el7
  • kpatch-patch-3_10_0-1062_4_2-0:1-3.el7
  • kpatch-patch-3_10_0-1062_4_3-0:1-3.el7
refmap via4
misc
suse
  • openSUSE-SU-2019:2173
  • openSUSE-SU-2019:2181
Last major update 18-08-2020 - 15:05
Published 20-08-2019 - 08:15
Last modified 18-08-2020 - 15:05