Impact: Moderate Public Date: 2019-04-19 CWE: CWE-362->CWE-667 Bugzilla: 1705937: CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2019-11599 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 6.1 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | None |
| Availability Impact | High |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | kernel-rt | Will not fix |
| Red Hat Enterprise Linux 8 | kernel | Affected |
| Red Hat Enterprise Linux 8 | kernel-rt | Affected |
| Red Hat Enterprise Linux 7 | kernel-alt | Affected |
| Red Hat Enterprise Linux 7 | kernel | Affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Affected |
| Red Hat Enterprise Linux 6 | kernel | Affected |
| Red Hat Enterprise Linux 5 | kernel | Under investigation |
Vulmon