Impact: Moderate Public Date: 2019-05-01 CWE: (CWE-305|CWE-284) Bugzilla: 1709898: CVE-2019-2054 kernel: seccompass bypass leading to local priviledge escalation In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2019-2054 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
CVSS3 Base Score | 8.4 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Package | State |
---|---|---|
Red Hat Enterprise MRG 2 | kernel-rt | Under investigation |
Red Hat Enterprise Linux 7 | kernel-rt | Under investigation |
Red Hat Enterprise Linux 7 | kernel | Under investigation |
Red Hat Enterprise Linux 6 | kernel | Under investigation |
Red Hat Enterprise Linux 5 | kernel | Under investigation |