CVE-2019-11599
Published 2020-05-08
Priority P4 33 · high · 7 · CVSS 3.1
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 0.99% (58.1th percentile)
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10, was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.19.37-1 (bookworm) | linux 4.19.37-1 (bookworm) |
| debian | linux | — | — |
| android | — | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.4.0-159.187 | 4.4.0-159.187 |
| linux | linux_kernel | >= 0 < 4.15.0-62.69 | 4.15.0-62.69 |
| linux | linux_kernel | >= 0 < 4.15.0-60.67 | 4.15.0-60.67 |
| linux | linux_kernel | >= 2.16.12 < 3.16.66 | 3.16.66 |
| linux | linux_kernel | >= 3.17 < 4.4.183 | 4.4.183 |
| linux | linux_kernel | >= 4.10 < 4.14.114 | 4.14.114 |
| linux | linux_kernel | >= 4.15 < 4.19.37 | 4.19.37 |
| linux | linux_kernel | >= 4.20 < 5.0.10 | 5.0.10 |
| linux | linux_kernel | >= 4.5 < 4.9.188 | 4.9.188 |
| linux_kernel | kernel | < 5.0.10 | 5.0.10 |
| redhat | enterprise_mrg | — | — |
CVSS provenance
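| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.0 | HIGH | — |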
Android
CVE-2019-11599: Memory Map Subsystem
vendor_android·2020-02-01·CVSS 7.0
CVE-2019-11599 [HIGH] CVE-2019-11599: Memory Map Subsystem
Android Security Bulletin 2020-02-01
CVE: CVE-2019-11599
Severity: HIGH
Type: EoP
Component: Memory Map Subsystem
References: A-131964235, Upstream kernel [2]
Red Hat
kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
vendor_redhat·2019-11-20·CVSS 7.8
CVE-2019-14898 [HIGH] CWE-821 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10, was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
The fix for CVE-2019-11599 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Statement: The Red Hat Enterprise Linux 7 kernel versions prior to Red Hat Enterprise Linux 7.7 GA kernel (version 3.10.0-1062 rele
Ubuntu
Linux kernel regression
vendor_ubuntu·2019-09-11·CVSS 4.6
[MEDIUM] Linux kernel regression
Title: Linux kernel regression
Summary: USN 4115-1 introduced a regression in the Linux kernel.
USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu
18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update,
a regression was introduced that caused a kernel crash when handling
fragmented packets in some situations. This update addresses the issue.
We apologize for the inconvenience.
Original advisory details:
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver
in the Linux kernel did not properly validate metadata received from the
device. A physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2018-19985)
Zhipeng Xie discovered that an infinite loop could be triggered in the CFS
Linux kernel proc
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2019-09-02·CVSS 3.3
CVE-2018-13053 [LOW] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the alarmtimer implementation in the Linux kernel
contained an integer overflow vulnerability. A local attacker could use
this to cause a denial of service. (CVE-2018-13053)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)
Wen Xu discovered that the f2fs file system implementation in the Linux
kernel did not properly validate metadata. An attacker could use this to
construct a malicious f2fs image that, when mounted, could cause a denial
of serv
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2019-09-02·CVSS 4.6
CVE-2018-19985 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver
in the Linux kernel did not properly validate metadata received from the
device. A physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2018-19985)
Zhipeng Xie discovered that an infinite loop could be triggered in the CFS
Linux kernel process scheduler. A local attacker could possibly use this to
cause a denial of service. (CVE-2018-20784)
It was discovered that the Intel Wi-Fi device driver in the Linux kernel did
not properly validate certain Tunneled Direct Link Setup (TDLS). A
physically proximate attacker could use this to cause a denial of service
(Wi-Fi disconnec
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2019-08-13·CVSS 6.8
CVE-2018-5383 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Eli Biham and Lior Neumann discovered that the Bluetooth implementation in
the Linux kernel did not properly validate elliptic curve parameters during
Diffie-Hellman key exchange in some situations. An attacker could use this
to expose sensitive information. (CVE-2018-5383)
It was discovered that a heap buffer overflow existed in the Marvell
Wireless LAN device driver for the Linux kernel. An attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-10126)
Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors
incorrectly handle SWAPGS instructions during speculative execution. A
local attacker could use this to expose
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2019-08-01·CVSS 7.8
CVE-2019-11487 [HIGH] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS.
It was discovered that an integer overflow existed in the Linux kernel when
reference counting pages, leading to potential use-after-free issues. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-11487)
Jann Horn discovered that a race condition existed in the Linux kernel when
performing core dumps. A local attacker could use this to cause a denial of
service (system crash) or expose sensitive information. (
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2019-07-23·CVSS 7.8
CVE-2019-11487 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that an integer overflow existed in the Linux kernel when
reference counting pages, leading to potential use-after-free issues. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-11487)
Jann Horn discovered that a race condition existed in the Linux kernel when
performing core dumps. A local attacker could use this to cause a denial of
service (system crash) or expose sensitive information. (CVE-2019-11599)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly zero out memory in some situations. A local
attacker could use this to expose sensitive information
Red Hat
kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
vendor_redhat·2019-04-19·CVSS 7.0
CVE-2019-11599 [HIGH] CWE-362 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial o
Red Hat
kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
vendor_redhat·2019-04-04·CVSS 7.0
CVE-2019-3892 [HIGH] CWE-667 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
A race condition was found between mmget_not_zero()/get_task_mm() when core dumping tasks. A local attacker is able to exploit race condition where locking of semaphore would allow an attacker to leak kernel memory to userspace.
Statement: This flaw was found to be a duplicate of CVE-2019-11599. Please see https://access.redhat.com/security/cve/CVE-2019-11599 for information about affected products and security errata.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-alt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linu
Debian
CVE-2019-14898: linux - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not com...
vendor_debian·2019·CVSS 7.0
CVE-2019-14898 [HIGH] CVE-2019-14898: linux - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not com...
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10, was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Debian
CVE-2019-11599: linux - The coredump implementation in the Linux kernel before 5.0.10 does not use locki...
vendor_debian·2019·CVSS 7.0
CVE-2019-11599 [HIGH] CVE-2019-11599: linux - The coredump implementation in the Linux kernel before 5.0.10 does not use locki...
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
Scope: local
bookworm: resolved (fixed in 4.19.37-1)
bullseye: resolved (fixed in 4.19.37-1)
forky: resolved (fixed in 4.19.37-1)
sid: resolved (fixed in 4.19.37-1)
trixie: resolved (fixed in 4.19.37-1)
GHSA
GHSA-q8vw-4h9f-5745: The coredump implementation in the Linux kernel before 5
ghsa_unreviewed·2022-05-24
CVE-2019-11599 [HIGH] CWE-667 GHSA-q8vw-4h9f-5745: The coredump implementation in the Linux kernel before 5
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
GHSA
GHSA-8qqf-qhmm-w3cm: The fix for CVE-2019-11599, affecting the Linux kernel before 5
ghsa_unreviewed·2022-05-24·CVSS 7.0
CVE-2019-14898 [HIGH] CWE-362 GHSA-8qqf-qhmm-w3cm: The fix for CVE-2019-11599, affecting the Linux kernel before 5
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10, was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
OSV
CVE-2019-14898: The fix for CVE-2019-11599, affecting the Linux kernel before 5
osv·2020-05-08·CVSS 7.0
CVE-2019-14898 [HIGH] CVE-2019-14898: The fix for CVE-2019-11599, affecting the Linux kernel before 5
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10, was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regression
osv·2019-09-11·CVSS 4.6
[MEDIUM] linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regression
USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu
18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update,
a regression was introduced that caused a kernel crash when handling
fragmented packets in some situations. This update addresses the issue.
We apologize for the inconvenience.
Original advisory details:
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver
in the Linux kernel did not properly validate metadata received from the
device. A physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2018-19985)
Zhipeng Xie discovered that an infinite loop could tr
OSV
linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
osv·2019-09-02·CVSS 4.6
CVE-2018-19985 [MEDIUM] linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver
in the Linux kernel did not properly validate metadata received from the
device. A physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2018-19985)
Zhipeng Xie discovered that an infinite loop could be triggered in the CFS
Linux kernel process scheduler. A local attacker could possibly use this to
cause a denial of service. (CVE-2018-20784)
It was discovered that the Intel Wi-Fi device driver in the Linux kernel did
not properly validate certain Tunneled Direct Link Setup (TDLS). A
physically proximate attacker could use this to cause a denial of service
(Wi-Fi
OSV
linux-aws vulnerabilities
osv·2019-09-02·CVSS 3.3
CVE-2018-13053 [LOW] linux-aws vulnerabilities
It was discovered that the alarmtimer implementation in the Linux kernel
contained an integer overflow vulnerability. A local attacker could use
this to cause a denial of service. (CVE-2018-13053)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)
Wen Xu discovered that the f2fs file system implementation in the Linux
kernel did not properly validate metadata. An attacker could use this to
construct a malicious f2fs image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098,
CVE-2018-1309
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
osv·2019-08-13·CVSS 6.8
CVE-2018-5383 [MEDIUM] linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Eli Biham and Lior Neumann discovered that the Bluetooth implementation in
the Linux kernel did not properly validate elliptic curve parameters during
Diffie-Hellman key exchange in some situations. An attacker could use this
to expose sensitive information. (CVE-2018-5383)
It was discovered that a heap buffer overflow existed in the Marvell
Wireless LAN device driver for the Linux kernel. An attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-10126)
Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors
incorrectly handle SWAPGS instructions during speculative execution. A
local attacker could use this to expose sensitive information (ke
OSV
linux-hwe vulnerabilities
osv·2019-08-01·CVSS 7.8
[HIGH] linux-hwe vulnerabilities
USN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS.
It was discovered that an integer overflow existed in the Linux kernel when
reference counting pages, leading to potential use-after-free issues. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-11487)
Jann Horn discovered that a race condition existed in the Linux kernel when
performing core dumps. A local attacker could use this to cause a denial of
service (system crash) or expose sensitive information. (CVE-2019-11599)
It was discovered that the ext4 file system implementation in the
OSV
CVE-2019-11599: The coredump implementation in the Linux kernel before 5
osv·2019-04-29·CVSS 7.0
CVE-2019-11599 [HIGH] CVE-2019-11599: The coredump implementation in the Linux kernel before 5
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
No detection rules found.
Bugzilla
CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
bugzilla·2019-11-20·CVSS 7.8
CVE-2019-14898 [HIGH] CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
Incomplete fix for CVE-2019-11599, race condition between mmget_not_zero()/get_task_mm() and core dumping, in RHEL-7.
Discussion:
External References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-20
Bugzilla
CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
bugzilla·2019-05-03·CVSS 7.0
CVE-2019-11599 [HIGH] CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://cdn.kernel.org/pu
Bugzilla
CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping [fedora-all]
bugzilla·2019-05-03·CVSS 7.0
CVE-2019-11599 [HIGH] CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue af
Bugzilla
CVE-2019-3892 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
bugzilla·2019-04-04·CVSS 7.0
CVE-2019-3892 [HIGH] CVE-2019-3892 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
A race condition was found between mmget_not_zero()/get_task_mm() when core dumping tasks. A local attacker is able to exploit race condition where locking of semaphore would allow an attacker to leak kernel memory to userspace.
Upstream patch:
https://marc.info/?l=linux-mm&m=155355419911404&w=2
Discussion:
Acknowledgments:
Name: Andrea Arcangeli (Red Hat Engineering)
---
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1696078]
---
Note:
CVE-2019-11599 was kept and CVE-2019-3892 REJECTed as reservation duplicate of CVE-2019-11599:
https://seclists.org/oss-sec/2019/q2/77
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3892
---
*** This bug ha
Bugzilla
CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping [fedora-all]
bugzilla·2019-04-04·CVSS 7.0
CVE-2019-11599 [HIGH] CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue af
References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
https://security.netapp.com/advisory/ntap-20200608-0001/
https://www.oracle.com/security-alerts/cpuApr2021.html