CVE - CVE-2019-11599

CVE-ID
CVE-2019-11599	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:108113 URL:http://www.securityfocus.com/bid/108113 BUGTRAQ:20190618 [SECURITY] [DSA 4465-1] linux security update URL:https://seclists.org/bugtraq/2019/Jun/26 BUGTRAQ:20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01) URL:https://seclists.org/bugtraq/2019/Jul/33 CONFIRM:https://security.netapp.com/advisory/ntap-20190517-0002/ URL:https://security.netapp.com/advisory/ntap-20190517-0002/ CONFIRM:https://security.netapp.com/advisory/ntap-20200608-0001/ URL:https://security.netapp.com/advisory/ntap-20200608-0001/ CONFIRM:https://support.f5.com/csp/article/K51674118 URL:https://support.f5.com/csp/article/K51674118 CONFIRM:https://support.f5.com/csp/article/K51674118?utm_source=f5support&utm_medium=RSS URL:https://support.f5.com/csp/article/K51674118?utm_source=f5support&utm_medium=RSS DEBIAN:DSA-4465 URL:https://www.debian.org/security/2019/dsa-4465 EXPLOIT-DB:46781 URL:https://www.exploit-db.com/exploits/46781/ MISC:http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html URL:http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html MISC:http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html URL:http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html MISC:https://bugs.chromium.org/p/project-zero/issues/detail?id=1790 URL:https://bugs.chromium.org/p/project-zero/issues/detail?id=1790 MISC:https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114 URL:https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114 MISC:https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37 URL:https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37 MISC:https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 URL:https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a URL:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a MISC:https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a URL:https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a MISC:https://www.oracle.com/security-alerts/cpuApr2021.html URL:https://www.oracle.com/security-alerts/cpuApr2021.html MLIST:[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html MLIST:[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update URL:https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html MLIST:[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html MLIST:[oss-security] 20190429 Linux kernel: multiple issues URL:http://www.openwall.com/lists/oss-security/2019/04/29/1 MLIST:[oss-security] 20190429 Re: Linux kernel: multiple issues URL:http://www.openwall.com/lists/oss-security/2019/04/29/2 MLIST:[oss-security] 20190430 Re: Linux kernel: multiple issues URL:http://www.openwall.com/lists/oss-security/2019/04/30/1 REDHAT:RHSA-2019:2029 URL:https://access.redhat.com/errata/RHSA-2019:2029 REDHAT:RHSA-2019:2043 URL:https://access.redhat.com/errata/RHSA-2019:2043 REDHAT:RHSA-2019:3309 URL:https://access.redhat.com/errata/RHSA-2019:3309 REDHAT:RHSA-2019:3517 URL:https://access.redhat.com/errata/RHSA-2019:3517 REDHAT:RHSA-2020:0100 URL:https://access.redhat.com/errata/RHSA-2020:0100 REDHAT:RHSA-2020:0103 URL:https://access.redhat.com/errata/RHSA-2020:0103 REDHAT:RHSA-2020:0179 URL:https://access.redhat.com/errata/RHSA-2020:0179 REDHAT:RHSA-2020:0543 URL:https://access.redhat.com/errata/RHSA-2020:0543 SUSE:openSUSE-SU-2019:1716 URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html SUSE:openSUSE-SU-2019:1757 URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html UBUNTU:USN-4069-1 URL:https://usn.ubuntu.com/4069-1/ UBUNTU:USN-4069-2 URL:https://usn.ubuntu.com/4069-2/ UBUNTU:USN-4095-1 URL:https://usn.ubuntu.com/4095-1/ UBUNTU:USN-4115-1 URL:https://usn.ubuntu.com/4115-1/ UBUNTU:USN-4118-1 URL:https://usn.ubuntu.com/4118-1/
Assigning CNA
MITRE Corporation
Date Record Created
20190429	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190429)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)