Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-11599
Severity
7.0HIGH
EPSS
0.5%
top 32.08%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedApr 29
Latest updateMay 24
Description
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9
Affected Packages3 packages
Patches
🔴Vulnerability Details
4💥Exploits & PoCs
1Exploit-DB
▶
📋Vendor Advisories
10Red Hat▶
kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599↗2019-11-20
💬Community
5Bugzilla▶
CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599↗2019-11-20
Bugzilla▶
CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping↗2019-05-03
Bugzilla▶
CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping [fedora-all]↗2019-05-03
Bugzilla▶
CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping [fedora-all]↗2019-04-04
Bugzilla▶
CVE-2019-3892 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping↗2019-04-04