Executive Summary

Informations
NameCVE-2019-11599First vendor Publication2019-04-29
VendorCveLast vendor Modification2019-05-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score6.9Attack RangeLocal
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score3.4AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599

CWE : Common Weakness Enumeration

%idName
100 %CWE-362Race Condition

CPE : Common Platform Enumeration

TypeDescriptionCount
Os2949

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/108113
BUGTRAQ https://seclists.org/bugtraq/2019/Jun/26
CONFIRM https://security.netapp.com/advisory/ntap-20190517-0002/
https://support.f5.com/csp/article/K51674118
DEBIAN https://www.debian.org/security/2019/dsa-4465
EXPLOIT-DB https://www.exploit-db.com/exploits/46781/
MISC http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04...
https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d...
MLIST http://www.openwall.com/lists/oss-security/2019/04/29/1
http://www.openwall.com/lists/oss-security/2019/04/29/2
http://www.openwall.com/lists/oss-security/2019/04/30/1
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
DateInformations
2019-07-21 12:01:15
  • Multiple Updates
2019-07-20 12:03:33
  • Multiple Updates
2019-07-17 12:10:55
  • Multiple Updates
2019-07-02 15:40:01
  • Multiple Updates
2019-06-19 12:10:03
  • Multiple Updates
2019-06-18 12:09:52
  • Multiple Updates
2019-06-15 12:10:33
  • Multiple Updates
2019-05-29 00:18:57
  • Multiple Updates
2019-05-17 17:19:35
  • Multiple Updates
2019-05-11 00:19:02
  • Multiple Updates
2019-05-03 21:19:27
  • Multiple Updates
2019-05-01 13:19:06
  • Multiple Updates
2019-05-01 00:19:05
  • Multiple Updates
2019-04-30 17:19:15
  • Multiple Updates
2019-04-30 09:19:26
  • Multiple Updates
2019-04-30 05:19:23
  • Multiple Updates
2019-04-30 00:18:57
  • First insertion