7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
20.5%
The coredump implementation in the Linux kernel before 5.0.10 does not use
locking or other mechanisms to prevent vma layout or vma flags changes
while it runs, which allows local users to obtain sensitive information,
cause a denial of service, or possibly have unspecified other impact by
triggering a race condition with mmget_not_zero or get_task_mm calls. This
is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and
drivers/infiniband/core/uverbs_main.c.
Author | Note |
---|---|
tyhicks | While the upstream commit has a Fixes tag that suggests the flaw was introduced in v4.3, the commit message makes it clear that the issue exists since before the kernel was stored in git. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-60.67 | UNKNOWN |
ubuntu | 19.04 | noarch | linux | < 5.0.0-21.22 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-159.187 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1047.49 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-aws | < 5.0.0-1011.12 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1090.101 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1047.49~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 5.0.0-1014.14~18.04.1 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-azure | < 5.0.0-1012.12 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1056.61 | UNKNOWN |
www.openwall.com/lists/oss-security/2019/04/29/1
www.openwall.com/lists/oss-security/2019/04/29/2
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
launchpad.net/bugs/cve/CVE-2019-11599
nvd.nist.gov/vuln/detail/CVE-2019-11599
security-tracker.debian.org/tracker/CVE-2019-11599
ubuntu.com/security/notices/USN-4069-1
ubuntu.com/security/notices/USN-4069-2
ubuntu.com/security/notices/USN-4095-1
ubuntu.com/security/notices/USN-4115-1
ubuntu.com/security/notices/USN-4118-1
www.cve.org/CVERecord?id=CVE-2019-11599
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
20.5%