7
CVE-2019-11599
- EPSS 0.99%
- Veröffentlicht 29.04.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:21:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.16.12 < 3.16.66
Linux ≫ Linux Kernel Version >= 3.17 < 4.4.183
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.188
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.114
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.37
Linux ≫ Linux Kernel Version >= 4.20 < 5.0.10
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.99% | 0.579 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
https://access.redhat.com/errata/RHSA-2019:3517
https://www.oracle.com/security-alerts/cpuApr2021.html
https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2043
https://usn.ubuntu.com/4118-1/
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
https://usn.ubuntu.com/4095-1/
https://access.redhat.com/errata/RHSA-2020:0103
https://access.redhat.com/errata/RHSA-2020:0179
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://seclists.org/bugtraq/2019/Jul/33
https://access.redhat.com/errata/RHSA-2020:0100
https://access.redhat.com/errata/RHSA-2019:3309
https://usn.ubuntu.com/4115-1/
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
https://seclists.org/bugtraq/2019/Jun/26
https://www.debian.org/security/2019/dsa-4465
http://www.openwall.com/lists/oss-security/2019/04/29/1
https://usn.ubuntu.com/4069-1/
https://usn.ubuntu.com/4069-2/
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html
http://www.openwall.com/lists/oss-security/2019/04/29/2
http://www.openwall.com/lists/oss-security/2019/04/30/1
http://www.securityfocus.com/bid/108113
https://access.redhat.com/errata/RHSA-2020:0543
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a
https://security.netapp.com/advisory/ntap-20190517-0002/
https://security.netapp.com/advisory/ntap-20200608-0001/
https://support.f5.com/csp/article/K51674118
https://support.f5.com/csp/article/K51674118?utm_source=f5support&%3Butm_medium=RSS
https://www.exploit-db.com/exploits/46781/