Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution

Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution

A cybersecurity alert was issued Tuesday, May 14, 2019, regarding a vulnerability in Linux Kernel prior to 5.0.8. The vulnerability could allow for remote code execution.

What It Is:
Linux Kernel is part of the Linux Operating System. This system is employed in embedded devices such as smartphones, servers, firewalls, appliances, etc. Linux Kernel is prone to a race-condition vulnerability. An attacker can exploit this issue to cause a denial of service and execute arbitrary code. This affects the distribution of Red Hat, Ubuntu, Debian, and Centos as well as other distributions.

See updates for Linux Kernel CVE-2019-11815 Race Condition Vulnerability from NIST.

Read more about this Linux Kernel vulnerability now at BleepingComputer.

Threat Intelligence:
There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected:

• Linux kernel versions prior to 5.0.8 are vulnerable.

Risk:
Government:
• Large and medium government entities: High
• Small government entities: High
Businesses:
• Large and medium business entities: High
• Small business entities: High
Home users: High

What It Means:
If you and/or your business utilize distributions employing a Linux Operating System, you will need to download the appropriate update for your device(s) following proper testing.

What To Do:
Dox recommends that users and administrators run proper testing before applying the appropriate updates for affected devices and:

• Keep operating system patches up-to-date.
• Stay aware of this vulnerability and watch for updated information from your security vendors and from your operating system vendors to ensure you have received the latest patches to address this vulnerability.
• Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with issues arising from vulnerabilities in the Linux Operating System including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.