Multiple vulnerabilities in Linux kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-3901 CVE-2019-11190 |
| CWE-ID | CWE-362 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Race condition
EUVDB-ID: #VU31093
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-3901
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.0 - 4.7.10
External linkshttp://www.securityfocus.com/bid/89937
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901
http://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
http://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
http://security.netapp.com/advisory/ntap-20190517-0005/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Race condition
EUVDB-ID: #VU31115
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11190
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.0 - 4.7.10
External linkshttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
http://www.openwall.com/lists/oss-security/2019/04/15/1
http://www.securityfocus.com/bid/107890
http://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=a5b5352558f6808db0589644ea5401b3e3148a0d
http://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=e1676b55d874a43646e8b2c46d87f2f3e45516ff
http://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
http://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
http://usn.ubuntu.com/4008-1/
http://usn.ubuntu.com/4008-2/
http://usn.ubuntu.com/4008-3/
http://www.openwall.com/lists/oss-security/2019/04/03/4
http://www.openwall.com/lists/oss-security/2019/04/03/4/1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
