QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11191

Published: Apr 11, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openwall.com/lists/oss-security/2019/04/03/4

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2019/04/03/4/1

x_refsource_MISC

vdb-entry

x_refsource_BID

[oss-security] 20190418 Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID

mailing-list

x_refsource_MLIST

[oss-security] 20190522 Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2019:1570

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.