CVE-2019-11599
published 2020-05-08

Priority: P4, 33, high
CVSS 3.1: 7 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 0.99% (58.1th percentile)

The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10, was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.

Affected

19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.19.37-1 (bookworm) | linux 4.19.37-1 (bookworm) |
| debian | linux | | |
| google | android | | |
| linux | linux_kernel | | |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.4.0-159.187 | 4.4.0-159.187 |
| linux | linux_kernel | >= 0 < 4.15.0-62.69 | 4.15.0-62.69 |
| linux | linux_kernel | >= 0 < 4.15.0-60.67 | 4.15.0-60.67 |
| linux | linux_kernel | >= 2.16.12 < 3.16.66 | 3.16.66 |
| linux | linux_kernel | >= 3.17 < 4.4.183 | 4.4.183 |
| linux | linux_kernel | >= 4.10 < 4.14.114 | 4.14.114 |
| linux | linux_kernel | >= 4.15 < 4.19.37 | 4.19.37 |
| linux | linux_kernel | >= 4.20 < 5.0.10 | 5.0.10 |
| linux | linux_kernel | >= 4.5 < 4.9.188 | 4.9.188 |
| linux_kernel | kernel | < 5.0.10 | 5.0.10 |
| redhat | enterprise_mrg | | |

CVSS provenance

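| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |
| vendor_debian | | 7.0 | HIGH | |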