SB2020050806 - Race condition in Linux kernel
Published: May 8, 2020
Security Bulletin ID
SB2020050806
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition (CVE-ID: CVE-2019-14898)
The vulnerability allows a local user to execute arbitrary code.
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Remediation
Install update from vendor's website.
References
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://www.oracle.com/security-alerts/cpuApr2021.html