redhatcve | Redhat.com | RH:CVE-2019-11191
History: Apr 04, 2020 - 5:25 p.m.

CVE-2019-11191

2020-04-04 17:25:21
redhat.com
access.redhat.com

EPSS: 0
Percentile: 5.1%

The Linux kernel allows local users to bypass ASLR protections for setuid a.out programs when CONFIG_IA32_AOUT is enabled and the ia32_aout module is loaded, because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c. As a result, the ptrace_may_access() check may race with install_exec_creds() when the /proc/pid/stat file is read and reveal information about the addresses of kernel structures, thereby defeating the KASLR protection.
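
The two preconditions named above (CONFIG_IA32_AOUT enabled, ia32_aout module loaded) can be checked from a kernel config file and a /proc/modules listing. The script below is an added example, not part of the Red Hat advisory; the function names and verdict strings are hypothetical, the sample files are constructed, and treating a built-in (=y) configuration as equivalent to a loaded module is an assumption.

```shell
#!/bin/sh
# Exposure check for the condition in the advisory: a.out support built
# (CONFIG_IA32_AOUT) and, when modular, the ia32_aout module loaded.

# Print y, m or n for CONFIG_IA32_AOUT in the given kernel config file.
# "# CONFIG_IA32_AOUT is not set" and a missing line both yield n.
aout_config_state() {
    state=$(sed -n 's/^CONFIG_IA32_AOUT=\([ym]\)$/\1/p' "$1" | head -n 1)
    printf '%s\n' "${state:-n}"
}

# Succeed if ia32_aout appears as a module name (field 1) in a
# /proc/modules-format file. Exact match avoids substring hits.
aout_module_loaded() {
    awk '$1 == "ia32_aout" { found = 1 } END { exit !found }' "$1"
}

# Print one verdict for a (config file, modules file) pair.
aout_exposure() {
    case $(aout_config_state "$1") in
        y) echo "exposed-builtin" ;;   # assumption: built-in counts as loaded
        m) if aout_module_loaded "$2"; then
               echo "exposed-module-loaded"
           else
               echo "module-available-not-loaded"
           fi ;;
        *) echo "not-built" ;;
    esac
}

# Run against constructed sample files (not real host data).
aout_demo() {
    d=$(mktemp -d)
    printf 'CONFIG_X86_64=y\nCONFIG_IA32_AOUT=m\n' > "$d/config"
    printf 'ext4 737280 2 - Live 0x0\nia32_aout 16384 0 - Live 0x0\n' > "$d/modules"
    aout_exposure "$d/config" "$d/modules"
    rm -rf "$d"
}

# With two arguments, check those files (commonly
# "/boot/config-$(uname -r)" and /proc/modules); otherwise run the demo.
if [ "$#" -eq 2 ]; then
    aout_exposure "$1" "$2"
else
    aout_demo
fi
```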