Linux Kernel 4.9 - TCP Socket Handling Use-after-Free (CVE-2019-15239)

CVE: CVE-2019-15239
Date Released: 2019-08-14
Author: Deniz Andzakovic
Vendor Website: www.debian.org
Affected Software: Linux Kernel 4.9.168

Proof of Concept

A use-after-free condition exists in the Linux 4.9 kernel TCP socket handling code. The PoC triggers multiple read and write UAF conditions. The PoC causes a kernel crash on Debian.

Recommendations

Apply security updates included with DSA 4497-1 for Debian. The vulnerability has been addressed in Debian versions 3.16.72-1, 4.9.168-1+deb9u5-deb9u1, and 4.9.168-1+deb9u5.

Timeline

2019-05-01: Initial email to Debian security team.
2019-06-05: Debian security team identifies potential fix.
2019-08-14: Vulnerability publicly disclosed.