A flaw was found in the way PTRACE_TRACEME functionality was handled in the Linux kernel. The kernel’s implementation of ptrace can inadvertently grant elevated permissions to an attacker who can then abuse the relationship between the tracer and the process being traced. This flaw could allow a local, unprivileged user to increase their privileges on the system or cause a denial of service.

Mitigation

For mitigation, please refer to the Red Hat Knowledgebase article: <https://access.redhat.com/articles/4292201>

References

nvd.nist.gov/vuln/detail/CVE-2019-13272

www.cve.org/CVERecord?id=CVE-2019-13272

osv 4

githubexploit 6

nessus 28

attackerkb 1

debian 4

cve 1

openvas 22

packetstorm 3

zdt 5

ubuntucve 1

fedora 2

f5 1

metasploit 1

cisa_kev 1

prion 1

exploitpack 1

debiancve 1

exploitdb 3

oraclelinux 3

ibm 2

redhat 3

amazon 2

photon 4

slackware 1

ubuntu 5

cloudfoundry 2

cisa 2

androidsecurity 1

lenovo 1

qualysblog 1

osv

CVE-2019-13272

2019-07-17 13:15:10

linux-4.9 - security update

2019-07-23 00:00:00

linux - security update

2019-07-20 00:00:00

githubexploit

Exploit for Improper Privilege Management in Linux Linux Kernel

2019-08-07 01:21:26

Exploit for Improper Privilege Management in Linux Linux Kernel

2019-09-19 01:58:35

Exploit for Improper Privilege Management in Linux Linux Kernel

2019-07-31 04:51:43

nessus

Fedora 29 : kernel / kernel-headers (2019-a95015e60f)

2019-07-19 00:00:00

Debian DLA-1863-1 : linux-4.9 security update

2019-07-24 00:00:00

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3263-1)

2019-12-12 00:00:00

attackerkb

CVE-2019-13272

2019-07-17 00:00:00

debian

[SECURITY] [DLA 1863-1] linux-4.9 security update

2019-07-23 17:48:52

[SECURITY] [DSA 4484-1] linux security update

2019-07-20 14:34:14

[SECURITY] [DSA 4484-1] linux security update

2019-07-20 14:34:14

cve

CVE-2019-13272

2019-07-17 13:15:00

openvas

Debian: Security Advisory (DLA-1863-1)

2019-07-24 00:00:00

Fedora Update for kernel-headers FEDORA-2019-a95015e60f

2019-07-20 00:00:00

Debian: Security Advisory (DSA-4484-1)

2019-07-21 00:00:00

packetstorm

Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation

2021-11-23 00:00:00

Linux PTRACE_TRACEME Local Root

2020-03-26 00:00:00

Linux Polkit pkexec Helper PTRACE_TRACEME Local Root

2019-10-23 00:00:00

zdt

Linux PTRACE_TRACEME Local Root Exploit

2020-03-26 00:00:00

Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME Exploit

2019-07-17 00:00:00

Linux Polkit pkexec Helper PTRACE_TRACEME Local Root Exploit

2019-10-23 00:00:00

ubuntucve

CVE-2019-13272

2019-07-17 00:00:00

fedora

[SECURITY] Fedora 29 Update: kernel-headers-5.1.18-200.fc29

2019-07-19 03:07:30

[SECURITY] Fedora 29 Update: kernel-5.1.18-200.fc29

2019-07-19 03:07:30

K91025336 : Linux kernel vulnerability CVE-2019-13272

2019-08-30 00:00:00

metasploit

Linux Polkit pkexec helper PTRACE_TRACEME local root exploit

2019-09-05 17:00:44

cisa_kev

Linux Kernel Improper Privilege Management Vulnerability

2021-12-10 00:00:00

prion

Design/Logic Flaw

2019-07-17 13:15:00

exploitpack

Linux Kernel 4.10 5.1.17 - PTRACE_TRACEME pkexec Local Privilege Escalation

2019-07-24 00:00:00

debiancve

CVE-2019-13272

2019-07-17 13:15:00

exploitdb

Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation

2019-07-24 00:00:00

Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)

2019-10-24 00:00:00

Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)

2021-11-23 00:00:00

oraclelinux

kernel security update

2019-08-19 00:00:00

Unbreakable Enterprise kernel security update

2019-08-15 00:00:00

kernel security and bug fix update

2019-09-12 00:00:00

ibm

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-zb

2019-09-11 17:35:09

Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925

2019-09-11 15:45:22

redhat

(RHSA-2019:2411) Important: kernel security update

2019-08-07 14:59:04

(RHSA-2019:2405) Important: kernel-rt security update

2019-08-07 12:47:49

(RHSA-2019:2809) Important: kernel-alt security, bug fix, and enhancement update

2019-09-17 10:58:14

amazon

Important: kernel

2019-07-18 17:16:00

Important: kernel

2019-07-17 23:18:00

photon

Critical Photon OS Security Update - PHSA-2019-0245

2019-07-24 00:00:00

Critical Photon OS Security Update - PHSA-2019-0175

2019-09-03 00:00:00

Critical Photon OS Security Update - PHSA-2019-0026

2019-08-21 00:00:00

slackware

[slackware-security] Slackware 14.2 kernel

2019-07-22 04:08:19

ubuntu

Linux kernel vulnerabilities

2019-08-13 00:00:00

Linux kernel vulnerabilities

2019-08-13 00:00:00

Linux kernel (AWS) vulnerabilities

2019-09-02 00:00:00

cloudfoundry

USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2019-08-29 00:00:00

USN-4094-1: Linux kernel vulnerabilities | Cloud Foundry

2019-09-30 00:00:00

cisa

CISA Adds Thirteen Known Exploited Vulnerabilities to Catalog

2021-12-10 00:00:00

CISA Adds 13 Known Exploited Vulnerabilities to Catalog

2021-12-10 00:00:00

androidsecurity

Pixel Update Bulletin—March 2020

2020-03-02 00:00:00

lenovo

AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US

2020-04-13 19:22:04

qualysblog

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

17.7%

JSON

Related for RH:CVE-2019-13272