#VU19996 Race condition in Linux kernel - CVE-2019-11599
Published: August 8, 2019
Vulnerability identifier: #VU19996
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2019-11599
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition with mmget_not_zero or get_task_mm calls and is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c due to kernel does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
Remediation
Install updates from vendor's website.
External links
- http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html
- http://www.openwall.com/lists/oss-security/2019/04/29/1
- http://www.openwall.com/lists/oss-security/2019/04/29/2
- http://www.openwall.com/lists/oss-security/2019/04/30/1
- http://www.securityfocus.com/bid/108113
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
- https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- https://security.netapp.com/advisory/ntap-20190517-0002/
- https://www.exploit-db.com/exploits/46781/