CVE-2019-11599

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

Published: Apr 29, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11599
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-667

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	4.20	5.0.10
linux / linux_kernel	4.15	4.19.37
linux / linux_kernel	4.10	4.14.114
linux / linux_kernel	4.5	4.9.188
linux / linux_kernel	3.17	4.4.183
linux / linux_kernel	2.16.12	3.16.66

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://www.openwall.com/lists/oss-security/2019/04/29/1
http://www.openwall.com/lists/oss-security/2019/04/29/2
http://www.openwall.com/lists/oss-security/2019/04/30/1
http://www.securityfocus.com/bid/108113
https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2020:0100
https://access.redhat.com/errata/RHSA-2020:0103
https://access.redhat.com/errata/RHSA-2020:0179
https://access.redhat.com/errata/RHSA-2020:0543
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
https://seclists.org/bugtraq/2019/Jul/33
https://seclists.org/bugtraq/2019/Jun/26
https://security.netapp.com/advisory/ntap-20190517-0002/
https://security.netapp.com/advisory/ntap-20200608-0001/
https://support.f5.com/csp/article/K51674118
https://support.f5.com/csp/article/K51674118?utm_source=f5support&utm_medium=RSS
https://support.f5.com/csp/article/K51674118?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4069-1/
https://usn.ubuntu.com/4069-2/
https://usn.ubuntu.com/4095-1/
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://www.debian.org/security/2019/dsa-4465
https://www.exploit-db.com/exploits/46781/
https://www.oracle.com/security-alerts/cpuApr2021.html

Vulnerability Database

290,273

CVE-2019-11599