CVE-2019-15239

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's TCP implementation that was introduced through an incorrect backport of a security fix. A local attacker can trigger kernel crashes or potentially escalate privileges by manipulating TCP write queues during disconnection and reconnection. This primarily affects systems running longterm Linux kernel versions 4.9.x before 4.9.190 or 4.14.x before 4.14.139.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel 4.9.x before 4.9.190, 4.14.x before 4.14.139
Operating Systems: Linux distributions using affected kernel versions (e.g., RHEL, CentOS, Ubuntu, SUSE)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific longterm kernel branches where the incorrect backport was applied. Mainline kernels and other longterm branches are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise, kernel panic causing system crashes, or denial of service.

🟠

Likely Case

Kernel crash leading to system instability or denial of service, with privilege escalation being more difficult to achieve reliably.

🟢

If Mitigated

Limited impact if proper access controls restrict local user access and systems are isolated from untrusted users.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Any user with local shell access can potentially exploit this vulnerability to crash the system or escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and manipulation of TCP sockets during specific timing windows. The vulnerability was discovered through code analysis rather than active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 4.9.190, 4.14.139, or later versions in those series

Vendor Advisory: https://access.redhat.com/errata/RHSA-2019:3978

Restart Required: Yes

Instructions:

1. Update kernel package using your distribution's package manager (yum update kernel, apt-get upgrade linux-image, etc.)
2. Reboot the system to load the new kernel
3. Verify the kernel version matches or exceeds the patched versions

🔧 Temporary Workarounds

Restrict local user access

Limit shell access to trusted users only to reduce the attack surface:

# Review and restrict user accounts with shell access
grep -E '(/bin/bash|/bin/sh)$' /etc/passwd
# Use access controls like sudo restrictions, SELinux/AppArmor policies

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts and shell access
  • Monitor system logs for kernel panics or unusual TCP socket activity

🔍 How to Verify

Check if Vulnerable:

Check the kernel version with uname -r. If the version is 4.9.x and < 4.9.190, or 4.14.x and < 4.14.139, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

After patching and reboot, verify kernel version with uname -r shows 4.9.190+, 4.14.139+, or a different unaffected kernel series.
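As an added example that is not part of the original advisory, the following POSIX shell function applies the version test above to a kernel release string, stripping the distribution suffix that uname -r usually carries (e.g. "-generic"). It assumes the upstream version number is the deciding factor; distribution kernels that ship the fix under a different version string should be checked against the vendor advisory instead.

```shell
#!/bin/sh
# Returns 0 when the release string falls in an affected range for CVE-2019-15239
# (4.9.x < 4.9.190 or 4.14.x < 4.14.139), 1 when it does not, and 2 when the
# string cannot be parsed as major.minor.patch.
cve_2019_15239_vulnerable() {
    # Keep only the leading numeric triple; anything after it (e.g. "-1-amd64") is dropped.
    ver=$(printf '%s\n' "$1" | sed -nE 's/^([0-9]+)\.([0-9]+)\.([0-9]+).*/\1 \2 \3/p')
    [ -n "$ver" ] || return 2
    set -- $ver
    major=$1; minor=$2; patch=$3
    if [ "$major" -eq 4 ] && [ "$minor" -eq 9 ] && [ "$patch" -lt 190 ]; then
        return 0
    fi
    if [ "$major" -eq 4 ] && [ "$minor" -eq 14 ] && [ "$patch" -lt 139 ]; then
        return 0
    fi
    return 1
}

# Check the running kernel on this host.
running=$(uname -r)
if cve_2019_15239_vulnerable "$running"; then
    echo "$running: within an affected range for CVE-2019-15239, patch to 4.9.190 / 4.14.139 or later"
elif [ $? -eq 2 ]; then
    echo "$running: could not parse a major.minor.patch version"
else
    echo "$running: outside the affected ranges by version number (confirm against your distribution's advisory)"
fi
```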

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • TCP socket errors or unusual socket operations in system logs

Network Indicators:

  • No network indicators - this is a local vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "use-after-free") AND ("tcp" OR "socket")
