A flaw was found in the Linux kernel's implementation of RDS over TCP. A system that has the rds_tcp kernel module loaded (either through autoload via a local process running listen(), or manual loading) could possibly cause a kernel panic. Reference and upstream commit: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91573ae4aed0a49660abdad4d42f2a0db995ee5e
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1772528]
This does not impact any currently supported Fedora kernel.
Mitigation: While this is a network protocol being affected, the protocol is not available by default. A local process (or user) can trigger the protocol to be used, which causes the module to be loaded automatically; the system would then have the vulnerable code loaded and the attack vector opened. To reiterate, it is unlikely that most Linux systems will be using this protocol and therefore be affected. Most systems do _NOT_ have this protocol used by services. This is an infrequently used module, and if you wish to blacklist it, you can follow the steps outlined in https://access.redhat.com/solutions/41278 to blacklist the "rds_tcp" module for the relevant version of Red Hat Enterprise Linux.
Rating this as low: it's not in use by default, not many services even use RDS over TCP, and it crashes the system, with no privilege escalation in the initial investigation. If this affects your system in another way, please feel free to lodge a support case. It is not compiled/enabled for RHEL 7 and 8 based kernels.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-18680
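A host check for the mitigation described above, as an added example (not from the bug report or the Red Hat solution article): it reports whether rds_tcp is loaded and whether modprobe.d carries a `blacklist` entry and a disabling `install` override for it. The function names and path parameters are assumptions of this example; per modprobe.d(5), `blacklist` only stops alias-based autoloading, so the `install` override is reported separately.

```shell
#!/bin/sh
# Added example: audit a host for the rds_tcp module mitigation.
# Paths are parameters so a copied config tree can be audited offline.
MODULE=rds_tcp

# Return 0 if the module is listed in a /proc/modules-style file.
# $1: modules list (default /proc/modules)
module_loaded() {
    awk -v m="$MODULE" '$1 == m { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}"
}

# Return 0 if a modprobe.d directive disables the module.
# $1: directive (blacklist|install)  $2: config dir (default /etc/modprobe.d)
# An install line only counts when its command is false/true, i.e. a no-op.
has_directive() {
    dir=${2:-/etc/modprobe.d}
    [ -d "$dir" ] || return 1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v d="$1" -v m="$MODULE" '
            { sub(/#.*/, "") }                      # drop comments
            $1 == d {
                name = $2; gsub(/-/, "_", name)     # modprobe treats - as _
                if (name != m) next
                if (d == "install" && $3 !~ /(^|\/)(false|true)$/) next
                found = 1
            }
            END { exit !found }' "$f" && return 0
    done
    return 1
}

# Print a one-line summary. $1: modules list  $2: modprobe.d dir
audit_rds_tcp() {
    if module_loaded "$1"; then state=LOADED; else state=not-loaded; fi
    if has_directive blacklist "$2"; then bl=yes; else bl=no; fi
    if has_directive install "$2"; then inst=yes; else inst=no; fi
    echo "$MODULE: $state blacklist=$bl install-override=$inst"
}
```

On a live host, call `audit_rds_tcp` with no arguments to use /proc/modules and /etc/modprobe.d.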