CVE-2019-14898

CWE-362Race ConditionCWE-667CWE-8217 documents7 sources
Severity
7.0HIGH
EPSS
0.1%
top 84.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux Kernel KernelLinux Linux KernelRedhat Enterprise MRG
Timeline
PublishedMay 8
Latest updateMay 24

Description

The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

CVEListV5linux_kernel/kernel< 5.0.10
NVDlinux/linux_kernel5.0.10

Patches

Patch: bugs.chromium.orgPatch: bugs.chromium.org

🔴Vulnerability Details

3
GHSA
GHSA-8qqf-qhmm-w3cm: The fix for CVE-2019-11599, affecting the Linux kernel before 52022-05-24
OSV
CVE-2019-14898: The fix for CVE-2019-11599, affecting the Linux kernel before 52020-05-08
CVEList
CVE-2019-14898: The fix for CVE-2019-11599, affecting the Linux kernel before 52020-05-08

📋Vendor Advisories

2
Red Hat
kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-115992019-11-20
Debian
CVE-2019-14898: linux - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not com...2019

💬Community

1
Bugzilla
CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-115992019-11-20