Linux kernel RDS flaw affects Red Hat, Ubuntu, Debian and SUSE
If you're not in the habit of keeping up to date with the latest version of the Linux kernel, now might be a good time to think about doing so. Systems based on versions of the kernel older than 5.0.8 suffer from a severe flaw in the implementation of RDS over TCP.
Left unpatched, the flaw could enable an attacker to compromise a system. The National Vulnerability Database entry says: "There is a race condition leading to a use-after-free, related to net namespace cleanup".
Red Hat, Ubuntu, Debian and SUSE are all affected by the flaw, and security advisories have been issued for each Linux distro. It is worth noting that the "attack complexity" is rated as being "high", so while the impact of the security hole could be serious, the changes of a successful attack are relatively slim.
In its analysis of the flaw, Red Hat says:
A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rds_tcp kernel module loaded (either through autoload via local process running listen(), or manual loading) could possibly cause a use after free (UAF) in which an attacker who is able to manipulate socket state while a network namespace is being torn down. This can lead to possible memory corruption and privilege escalation.
When it comes to Ubuntu, the report from Canonical is a little more relaxed, with Seth Arnold saying:
I haven't yet seen evidence to support allegations that this is remotely exploitable. Blacklisting rds.ko module is probably sufficient to prevent the vulnerable code from loading. The default configuration of the kmod package has included RDS in /etc/modprobe.d/blacklist-rare-network.conf since 14.04 LTS. I'm dropping priority as a result.
The problem has been patched in version 5.0.8 of the Linux kernel, anyway, so if you haven't done so already, get updated.