CVE-2019-11191 Information

Description

DISPUTED: The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
http://www.openwall.com/lists/oss-security/2019/04/18/5
http://www.openwall.com/lists/oss-security/2019/05/22/7
http://www.securityfocus.com/bid/107887
https://usn.ubuntu.com/4006-1/
https://usn.ubuntu.com/4006-2/
https://usn.ubuntu.com/4007-1/
https://usn.ubuntu.com/4007-2/
https://usn.ubuntu.com/4008-1/
https://usn.ubuntu.com/4008-3/
https://www.openwall.com/lists/oss-security/2019/04/03/4
https://www.openwall.com/lists/oss-security/2019/04/03/4/1

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

2.5

Base Severity

LOW
