QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11599

Published: Apr 29, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20190429 Re: Linux kernel: multiple issues

mailing-list

x_refsource_MLIST

[oss-security] 20190429 Linux kernel: multiple issues

mailing-list

x_refsource_MLIST

[oss-security] 20190430 Re: Linux kernel: multiple issues

mailing-list

x_refsource_MLIST

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update

mailing-list

x_refsource_MLIST

20190618 [SECURITY] [DSA 4465-1] linux security update

mailing-list

x_refsource_BUGTRAQ

openSUSE-SU-2019:1716

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1757

vendor-advisory

x_refsource_SUSE

20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://www.oracle.com/security-alerts/cpuApr2021.html

x_refsource_MISC

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114

x_refsource_MISC

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37

x_refsource_MISC

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10

x_refsource_MISC

https://bugs.chromium.org/p/project-zero/issues/detail?id=1790

x_refsource_MISC

https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a

x_refsource_MISC

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a

x_refsource_MISC

http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20190517-0002/

x_refsource_CONFIRM

https://support.f5.com/csp/article/K51674118

x_refsource_CONFIRM

http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

x_refsource_MISC

https://support.f5.com/csp/article/K51674118?utm_source=f5support&amp%3Butm_medium=RSS

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20200608-0001/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.