CVE-2019-11599

MEDIUM

Description

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html

http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html

http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

http://www.openwall.com/lists/oss-security/2019/04/29/1

http://www.openwall.com/lists/oss-security/2019/04/29/2

http://www.openwall.com/lists/oss-security/2019/04/30/1

http://www.securityfocus.com/bid/108113

https://access.redhat.com/errata/RHSA-2019:2029

https://access.redhat.com/errata/RHSA-2019:2043

https://access.redhat.com/errata/RHSA-2019:3309

https://access.redhat.com/errata/RHSA-2019:3517

https://access.redhat.com/errata/RHSA-2020:0100

https://access.redhat.com/errata/RHSA-2020:0103

https://access.redhat.com/errata/RHSA-2020:0179

https://access.redhat.com/errata/RHSA-2020:0543

https://bugs.chromium.org/p/project-zero/issues/detail?id=1790

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a

https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a

https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html

https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html

https://seclists.org/bugtraq/2019/Jul/33

https://seclists.org/bugtraq/2019/Jun/26

https://security.netapp.com/advisory/ntap-20190517-0002/

https://security.netapp.com/advisory/ntap-20200608-0001/

https://support.f5.com/csp/article/K51674118

https://support.f5.com/csp/article/K51674118?utm_source=f5support&utm_medium=RSS

https://usn.ubuntu.com/4069-1/

https://usn.ubuntu.com/4069-2/

https://usn.ubuntu.com/4095-1/

https://usn.ubuntu.com/4115-1/

https://usn.ubuntu.com/4118-1/

https://www.debian.org/security/2019/dsa-4465

https://www.exploit-db.com/exploits/46781/

Details

Source: MITRE

Published: 2019-04-29

Updated: 2020-08-24

Type: CWE-667

Risk Information

CVSS v2.0

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3.0

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH