CVE-2019-11599 Information
Description
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://www.openwall.com/lists/oss-security/2019/04/29/1
http://www.openwall.com/lists/oss-security/2019/04/29/2
http://www.openwall.com/lists/oss-security/2019/04/30/1
http://www.securityfocus.com/bid/108113
https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2020:0100
https://access.redhat.com/errata/RHSA-2020:0103
https://access.redhat.com/errata/RHSA-2020:0179
https://access.redhat.com/errata/RHSA-2020:0543
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
https://seclists.org/bugtraq/2019/Jul/33
https://seclists.org/bugtraq/2019/Jun/26
https://security.netapp.com/advisory/ntap-20190517-0002/
https://security.netapp.com/advisory/ntap-20200608-0001/
https://support.f5.com/csp/article/K51674118
https://support.f5.com/csp/article/K51674118?utm_source=f5support&utm_medium=RSS
https://usn.ubuntu.com/4069-1/
https://usn.ubuntu.com/4069-2/
https://usn.ubuntu.com/4095-1/
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://www.debian.org/security/2019/dsa-4465
https://www.exploit-db.com/exploits/46781/
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.0
Base Severity
HIGH