CVE-2019-11599
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
20.5%
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
References
lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html
packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
www.openwall.com/lists/oss-security/2019/04/29/1
www.openwall.com/lists/oss-security/2019/04/29/2
www.openwall.com/lists/oss-security/2019/04/30/1
www.securityfocus.com/bid/108113
access.redhat.com/errata/RHSA-2019:2029
access.redhat.com/errata/RHSA-2019:2043
access.redhat.com/errata/RHSA-2019:3309
access.redhat.com/errata/RHSA-2019:3517
access.redhat.com/errata/RHSA-2020:0100
access.redhat.com/errata/RHSA-2020:0103
access.redhat.com/errata/RHSA-2020:0179
access.redhat.com/errata/RHSA-2020:0543
bugs.chromium.org/p/project-zero/issues/detail?id=1790
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a
lists.debian.org/debian-lts-announce/2019/05/msg00041.html
lists.debian.org/debian-lts-announce/2019/05/msg00042.html
lists.debian.org/debian-lts-announce/2019/06/msg00011.html
seclists.org/bugtraq/2019/Jul/33
seclists.org/bugtraq/2019/Jun/26
security.netapp.com/advisory/ntap-20190517-0002/
security.netapp.com/advisory/ntap-20200608-0001/
support.f5.com/csp/article/K51674118
support.f5.com/csp/article/K51674118?utm_source=f5support&%3Butm_medium=RSS
usn.ubuntu.com/4069-1/
usn.ubuntu.com/4069-2/
usn.ubuntu.com/4095-1/
usn.ubuntu.com/4115-1/
usn.ubuntu.com/4118-1/
www.debian.org/security/2019/dsa-4465
www.exploit-db.com/exploits/46781/
www.oracle.com/security-alerts/cpuApr2021.html
Social References
More
Related
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
20.5%