CVE-2019-3901

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.

References

http://www.securityfocus.com/bid/89937

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901

https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html

https://security.netapp.com/advisory/ntap-20190517-0005/

Details

Source: MITRE

Published: 2019-04-22

Updated: 2020-12-04

Type: CWE-667

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3

Base Score: 4.7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1

Severity: MEDIUM

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
154016OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0035)NessusOracleVM Local Security Checks
high
153964Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9473)NessusOracle Linux Local Security Checks
high
144087NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0117)NessusNewStart CGSL Local Security Checks
high
143971NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0108)NessusNewStart CGSL Local Security Checks
critical
141405NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0043)NessusNewStart CGSL Local Security Checks
high
141400NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0041)NessusNewStart CGSL Local Security Checks
high
138171RHEL 7 : kernel (RHSA-2020:2851)NessusRed Hat Local Security Checks
high
137363RHEL 7 : kernel (RHSA-2020:2522)NessusRed Hat Local Security Checks
high
135813Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407)NessusScientific Linux Local Security Checks
high
135316CentOS 7 : kernel (CESA-2020:1016)NessusCentOS Local Security Checks
high
135080RHEL 7 : kernel (RHSA-2020:1016)NessusRed Hat Local Security Checks
high
135078RHEL 7 : kernel-rt (RHSA-2020:1070)NessusRed Hat Local Security Checks
high
126299EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1672)NessusHuawei Local Security Checks
high
126266EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1639)NessusHuawei Local Security Checks
high
125588EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1636)NessusHuawei Local Security Checks
high
125564EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1612)NessusHuawei Local Security Checks
high
125515EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1588)NessusHuawei Local Security Checks
high
125478Debian DLA-1799-2 : linux security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusDebian Local Security Checks
high