CVE-2019-11599

high

Description

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

References

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.exploit-db.com/exploits/46781/

https://www.debian.org/security/2019/dsa-4465

https://usn.ubuntu.com/4118-1/

https://usn.ubuntu.com/4115-1/

https://usn.ubuntu.com/4095-1/

https://usn.ubuntu.com/4069-2/

https://usn.ubuntu.com/4069-1/

https://support.f5.com/csp/article/K51674118?utm_source=f5support&amp%3Butm_medium=RSS

https://support.f5.com/csp/article/K51674118

https://security.netapp.com/advisory/ntap-20200608-0001/

https://security.netapp.com/advisory/ntap-20190517-0002/

https://seclists.org/bugtraq/2019/Jun/26

https://seclists.org/bugtraq/2019/Jul/33

https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html

https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114

https://bugs.chromium.org/p/project-zero/issues/detail?id=1790

https://access.redhat.com/errata/RHSA-2020:0543

https://access.redhat.com/errata/RHSA-2020:0179

https://access.redhat.com/errata/RHSA-2020:0103

https://access.redhat.com/errata/RHSA-2020:0100

https://access.redhat.com/errata/RHSA-2019:3517

https://access.redhat.com/errata/RHSA-2019:3309

https://access.redhat.com/errata/RHSA-2019:2043

https://access.redhat.com/errata/RHSA-2019:2029

http://www.securityfocus.com/bid/108113

http://www.openwall.com/lists/oss-security/2019/04/30/1

http://www.openwall.com/lists/oss-security/2019/04/29/2

http://www.openwall.com/lists/oss-security/2019/04/29/1

http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html

Details

Source: Mitre, NVD

Published: 2019-04-29

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High