CVE-2019-3901

CWE-6677 documents7 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 79.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Linux Linux KernelTHE Linux Foundation KernelDebian Debian Linux+4 more
Timeline
PublishedApr 22
Latest updateMay 24

Description

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_cre

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages7 packages

CVEListV5the_linux_foundation/kernelolder then 4.8
Debianlinux< 4.6.1-1+3

Also affects: Debian Linux 8.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-7w4w-2hxm-8cc6: A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs2022-05-24
CVEList
CVE-2019-3901: A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs2019-04-22
OSV
CVE-2019-3901: A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs2019-04-22

📋Vendor Advisories

2
Debian
CVE-2019-3901: linux - A race condition in perf_event_open() allows local attackers to leak sensitive d...2019
Red Hat
kernel: perf_event_open() and execve() race in setuid programs allows a data leak2016-04-25

💬Community

1
Bugzilla
CVE-2019-3901 kernel: perf_event_open() and execve() race in setuid programs allows a data leak2019-04-18
CVE-2019-3901 (MEDIUM CVSS 4.7) | A race condition in perf_event_open | cvebase.io