CVE-2019-11190

MEDIUM

Description

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

http://www.openwall.com/lists/oss-security/2019/04/15/1

http://www.securityfocus.com/bid/107890

https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=a5b5352558f6808db0589644ea5401b3e3148a0d

https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=e1676b55d874a43646e8b2c46d87f2f3e45516ff

https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html

https://usn.ubuntu.com/4008-1/

https://usn.ubuntu.com/4008-2/

https://usn.ubuntu.com/4008-3/

https://www.openwall.com/lists/oss-security/2019/04/03/4

https://www.openwall.com/lists/oss-security/2019/04/03/4/1

Details

Source: MITRE

Published: 2019-04-12

Updated: 2019-06-07

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 4.7

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3.0

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
135813Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407)NessusScientific Linux Local Security Checks
high
135316CentOS 7 : kernel (CESA-2020:1016)NessusCentOS Local Security Checks
high
135080RHEL 7 : kernel (RHSA-2020:1016)NessusRed Hat Local Security Checks
high
135078RHEL 7 : kernel-rt (RHSA-2020:1070)NessusRed Hat Local Security Checks
high
126240SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1692-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
126121Photon OS 1.0: Linux PHSA-2019-1.0-0236NessusPhotonOS Local Security Checks
high
126033openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
126031Slackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness)NessusSlackware Local Security Checks
high
125995SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1534-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125994SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1533-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125993SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125990SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125768Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-4008-3)NessusUbuntu Local Security Checks
high
125767Ubuntu 16.04 LTS : apparmor update (USN-4008-2)NessusUbuntu Local Security Checks
high
125726Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4008-1)NessusUbuntu Local Security Checks
high
125615OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0022)NessusOracleVM Local Security Checks
medium
125587EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1635)NessusHuawei Local Security Checks
high
125514EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1587)NessusHuawei Local Security Checks
high
125513EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586)NessusHuawei Local Security Checks
high
125478Debian DLA-1799-2 : linux security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusDebian Local Security Checks
high
125238Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4646)NessusOracle Linux Local Security Checks
medium
125237Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4644)NessusOracle Linux Local Security Checks
high
125235Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4642)NessusOracle Linux Local Security Checks
medium
124431EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)NessusHuawei Local Security Checks
high