CVE-2019-11190

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

http://www.openwall.com/lists/oss-security/2019/04/15/1

http://www.securityfocus.com/bid/107890

https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=a5b5352558f6808db0589644ea5401b3e3148a0d

https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=e1676b55d874a43646e8b2c46d87f2f3e45516ff

https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html

https://usn.ubuntu.com/4008-1/

https://usn.ubuntu.com/4008-2/

https://usn.ubuntu.com/4008-3/

https://www.openwall.com/lists/oss-security/2019/04/03/4

https://www.openwall.com/lists/oss-security/2019/04/03/4/1

Details

Source: MITRE

Published: 2019-04-12

Updated: 2019-06-07

Type: CWE-362

Risk Information

CVSS v2

Base Score: 4.7

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
150662SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14089-1)NessusSuSE Local Security Checks
high
135813Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407)NessusScientific Linux Local Security Checks
high
135316CentOS 7 : kernel (CESA-2020:1016)NessusCentOS Local Security Checks
high
135080RHEL 7 : kernel (RHSA-2020:1016)NessusRed Hat Local Security Checks
high
135078RHEL 7 : kernel-rt (RHSA-2020:1070)NessusRed Hat Local Security Checks
high
126240SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1692-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
126121Photon OS 1.0: Linux PHSA-2019-1.0-0236NessusPhotonOS Local Security Checks
high
126033openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
126031Slackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness)NessusSlackware Local Security Checks
high
125995SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1534-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125994SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1533-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125993SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125990SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125768Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-4008-3)NessusUbuntu Local Security Checks
high
125767Ubuntu 16.04 LTS : apparmor update (USN-4008-2)NessusUbuntu Local Security Checks
high
125726Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4008-1)NessusUbuntu Local Security Checks
high
125615OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0022)NessusOracleVM Local Security Checks
medium
125587EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1635)NessusHuawei Local Security Checks
high
125514EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1587)NessusHuawei Local Security Checks
high
125513EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586)NessusHuawei Local Security Checks
high
125478Debian DLA-1799-2 : linux security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusDebian Local Security Checks
high
125238Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4646)NessusOracle Linux Local Security Checks
medium
125237Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4644)NessusOracle Linux Local Security Checks
medium
125235Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4642)NessusOracle Linux Local Security Checks
medium
124431EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)NessusHuawei Local Security Checks
high