CVE-2019-3901LOW
Description
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
References
http://www.securityfocus.com/bid/89937
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
Details
Source: MITRE
Published: 2019-04-22
Updated: 2020-12-04
Type: CWE-667
Risk Information
CVSS v2.0
Base Score: 1.9
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.4
Severity: LOW
CVSS v3.0
Base Score: 4.7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:virtual_storage_console_for_vmware_vsphere:*:*:*:*:*:*:*:*
Configuration 4
AND
OR
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 144087 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0117) | Nessus | NewStart CGSL Local Security Checks | medium |
| 143971 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0108) | Nessus | NewStart CGSL Local Security Checks | critical |
| 141405 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0043) | Nessus | NewStart CGSL Local Security Checks | high |
| 141400 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0041) | Nessus | NewStart CGSL Local Security Checks | high |
| 138171 | RHEL 7 : kernel (RHSA-2020:2851) | Nessus | Red Hat Local Security Checks | high |
| 137363 | RHEL 7 : kernel (RHSA-2020:2522) | Nessus | Red Hat Local Security Checks | high |
| 135813 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407) | Nessus | Scientific Linux Local Security Checks | high |
| 135316 | CentOS 7 : kernel (CESA-2020:1016) | Nessus | CentOS Local Security Checks | high |
| 135080 | RHEL 7 : kernel (RHSA-2020:1016) | Nessus | Red Hat Local Security Checks | high |
| 135078 | RHEL 7 : kernel-rt (RHSA-2020:1070) | Nessus | Red Hat Local Security Checks | high |
| 126299 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1672) | Nessus | Huawei Local Security Checks | high |
| 126266 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1639) | Nessus | Huawei Local Security Checks | high |
| 125588 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1636) | Nessus | Huawei Local Security Checks | high |
| 125564 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1612) | Nessus | Huawei Local Security Checks | high |
| 125515 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1588) | Nessus | Huawei Local Security Checks | medium |
| 125478 | Debian DLA-1799-2 : linux security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Debian Local Security Checks | high |