CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

Published: Jul 17, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-13272
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	4.10	4.14.133
linux / linux_kernel	4.20	5.1.17
linux / linux_kernel	4.15	4.19.58
linux / linux_kernel	3.16.52	3.16.71
linux / linux_kernel	4.9.1	4.9.185
linux / linux_kernel	4.1.39	4.2
linux / linux_kernel	4.4.40	4.4.185
linux / linux_kernel	4.8.16	4.9
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
fedoraproject / fedora	29	29.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	19.04	19.04.x
canonical / ubuntu_linux	16.04	16.04.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux_for_real_time	8	8.x
netapp / e-series_santricity_os_controller	11.0.0	11.60.3.x
redhat / enterprise_linux_for_real_time_for_nfv_tus	8.4	8.4.x
redhat / enterprise_linux_for_real_time_for_nfv_tus	8.2	8.2.x
redhat / enterprise_linux_for_real_time_tus	8.4	8.4.x
redhat / enterprise_linux_for_real_time_tus	8.2	8.2.x
redhat / enterprise_linux_for_real_time_for_nfv	8.0	8.0.x
redhat / enterprise_linux_for_real_time_for_nfv_tus	8.6	8.6.x
redhat / enterprise_linux_for_real_time_tus	8.6	8.6.x
redhat / enterprise_linux_for_ibm_z_systems	7.0_s390x	7.0_s390x.x
redhat / enterprise_linux_for_arm_64	7.0_aarch64	7.0_aarch64.x
redhat / enterprise_linux_for_real_time_tus	8.8	8.8.x
redhat / enterprise_linux_for_real_time_for_nfv_tus	8.8	8.8.x

Vulnerability Database

289,599

CVE-2019-13272