CVE-2019-3901

2019-04-2200:00:00

ubuntu.com

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

A race condition in perf_event_open() allows local attackers to leak
sensitive data from setuid programs. As no relevant locks (in particular
the cred_guard_mutex) are held during the ptrace_may_access() call, it is
possible for the specified target task to perform an execve() syscall with
setuid execution before perf_event_alloc() actually attaches to it,
allowing an attacker to bypass the ptrace_may_access() check and the
perf_event_exit_task(current) call that is performed in
install_exec_creds() during privileged execve() calls. This issue affects
kernel versions before 4.8.

Bugs

<https://bugs.chromium.org/p/project-zero/issues/detail?id=807>

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchlinux< 4.4.0-28.47UNKNOWN
ubuntu14.04noarchlinux-lts-xenial< 4.4.0-28.47~14.04.1UNKNOWN
ubuntu16.04noarchlinux-raspi2< 4.4.0-1016.22UNKNOWN
ubuntu16.04noarchlinux-snapdragon< 4.4.0-1019.22UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	linux	< 4.4.0-28.47	UNKNOWN
ubuntu	14.04	noarch	linux-lts-xenial	< 4.4.0-28.47~14.04.1	UNKNOWN
ubuntu	16.04	noarch	linux-raspi2	< 4.4.0-1016.22	UNKNOWN
ubuntu	16.04	noarch	linux-snapdragon	< 4.4.0-1019.22	UNKNOWN