Executive Summary

Information
Name: CVE-2019-3901
First vendor Publication: 2019-04-22
Vendor: Cve
Last vendor Modification: 2023-02-12

Security-Database Scoring CVSS v3

Cvss vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Overall CVSS Score: 4.7
Base Score: 4.7
Environmental Score: 4.7
Impact SubScore: 3.6
Temporal Score: 4.7
Exploitability Sub Score: 1

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score: 1.9
Cvss Impact Score: 2.9
Cvss Exploit Score: 3.4
Attack Range: Local
Attack Complexity: Medium
Authentication: None Required

Detail

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3901

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-667 Insufficient Locking

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Os 1
Os 2615

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/89937
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901
CONFIRM https://security.netapp.com/advisory/ntap-20190517-0005/
MLIST https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
MLIST https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html

Alert History

Date Information
2024-03-12 12:59:33
  • Multiple Updates
2024-02-02 02:07:35
  • Multiple Updates
2024-02-01 12:18:22
  • Multiple Updates
2023-12-29 01:57:30
  • Multiple Updates
2023-11-22 01:56:54
  • Multiple Updates
2023-09-05 13:02:04
  • Multiple Updates
2023-09-05 01:18:03
  • Multiple Updates
2023-09-02 13:01:13
  • Multiple Updates
2023-09-02 01:18:19
  • Multiple Updates
2023-08-12 13:05:23
  • Multiple Updates
2023-08-12 01:17:40
  • Multiple Updates
2023-08-11 12:58:55
  • Multiple Updates
2023-08-11 01:18:15
  • Multiple Updates
2023-08-06 12:57:11
  • Multiple Updates
2023-08-06 01:17:35
  • Multiple Updates
2023-08-04 12:57:31
  • Multiple Updates
2023-08-04 01:17:46
  • Multiple Updates
2023-07-14 12:57:29
  • Multiple Updates
2023-07-14 01:17:41
  • Multiple Updates
2023-06-06 12:51:01
  • Multiple Updates
2023-03-29 01:58:47
  • Multiple Updates
2023-03-28 12:17:58
  • Multiple Updates
2023-02-13 05:27:45
  • Multiple Updates
2023-02-03 05:28:04
  • Multiple Updates
2023-01-25 01:47:52
  • Multiple Updates
2022-12-01 00:27:24
  • Multiple Updates
2022-10-11 12:51:18
  • Multiple Updates
2022-10-11 01:17:32
  • Multiple Updates
2022-09-09 01:47:27
  • Multiple Updates
2022-03-11 01:43:39
  • Multiple Updates
2022-02-01 01:39:44
  • Multiple Updates
2021-12-11 12:40:55
  • Multiple Updates
2021-12-11 01:38:17
  • Multiple Updates
2021-08-19 12:35:17
  • Multiple Updates
2021-05-25 12:33:31
  • Multiple Updates
2021-05-04 13:35:57
  • Multiple Updates
2021-04-22 02:48:27
  • Multiple Updates
2021-03-27 01:30:32
  • Multiple Updates
2020-12-04 21:23:25
  • Multiple Updates
2020-10-16 21:23:03
  • Multiple Updates
2020-08-11 12:25:47
  • Multiple Updates
2020-08-08 01:25:32
  • Multiple Updates
2020-08-07 12:26:01
  • Multiple Updates
2020-08-07 01:26:48
  • Multiple Updates
2020-08-01 12:25:37
  • Multiple Updates
2020-07-30 01:26:30
  • Multiple Updates
2020-05-23 02:30:01
  • Multiple Updates
2019-09-12 12:11:17
  • Multiple Updates
2019-07-02 15:40:10
  • Multiple Updates
2019-05-29 00:18:58
  • Multiple Updates
2019-05-17 17:19:38
  • Multiple Updates
2019-04-29 21:19:29
  • Multiple Updates
2019-04-24 21:19:45
  • Multiple Updates
2019-04-22 21:19:19
  • First insertion