The fix for CVE-2019-11599 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
bugs.chromium.org/p/project-zero/issues/detail?id=1790
bugzilla.redhat.com/show_bug.cgi?id=1774671
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
nvd.nist.gov/vuln/detail/CVE-2019-14898
www.cve.org/CVERecord?id=CVE-2019-14898