4.7 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid
programs (such as /bin/su) because install_exec_creds() is called too late
in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access()
check has a race condition when reading /proc/pid/stat.
Author | Note |
---|---|
tyhicks | The fix for this CVE requires some AppArmor profile changes. Backporting the fix is risky because some applications may stop working. More investigation is needed to determine how to backport this fix safely. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | linux | < 4.4.0-149.175 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1045.48 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1084.94 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-kvm | < 4.4.0-1047.53 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-xenial | < 4.4.0-150.176~14.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-raspi2 | < 4.4.0-1110.118 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-snapdragon | < 4.15.0-1053.57 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-snapdragon | < 4.4.0-1114.119 | UNKNOWN |
www.openwall.com/lists/oss-security/2019/04/15/1
git.kernel.org/linus/9f834ec18defc369d73ccf9e87a2790bfa05bf46 (4.8-rc5)
git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=a5b5352558f6808db0589644ea5401b3e3148a0d
git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=e1676b55d874a43646e8b2c46d87f2f3e45516ff
launchpad.net/bugs/cve/CVE-2019-11190
nvd.nist.gov/vuln/detail/CVE-2019-11190
security-tracker.debian.org/tracker/CVE-2019-11190
ubuntu.com/security/notices/USN-4008-1
ubuntu.com/security/notices/USN-4008-3
www.cve.org/CVERecord?id=CVE-2019-11190
www.openwall.com/lists/oss-security/2019/04/03/4
www.openwall.com/lists/oss-security/2019/04/03/4/1
4.7 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%