Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.7
CVSSv3

CVE-2019-11190

Published: 12/04/2019 Updated: 07/06/2019
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 419
Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N
Subscribe to Linux Kernel

Vulnerability Summary

The Linux kernel prior to 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: apparmor update
Several policy updates were made for running under the recently updated Linux kernel ...
Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2019-11190
Impact: Low Public Date: 2019-04-03 CWE: CWE-250 Bugzilla: 1699856: CVE-2019-11190 kernel: ASLR bypass ...

References

CWE-362https://www.openwall.com/lists/oss-security/2019/04/03/4/1https://www.openwall.com/lists/oss-security/2019/04/03/4https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=e1676b55d874a43646e8b2c46d87f2f3e45516ffhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=a5b5352558f6808db0589644ea5401b3e3148a0dhttp://www.securityfocus.com/bid/107890http://www.openwall.com/lists/oss-security/2019/04/15/1https://lists.debian.org/debian-lts-announce/2019/05/msg00041.htmlhttps://lists.debian.org/debian-lts-announce/2019/05/msg00042.htmlhttps://usn.ubuntu.com/4008-1/https://usn.ubuntu.com/4008-2/https://usn.ubuntu.com/4008-3/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.htmlhttps://nvd.nist.govhttps://usn.ubuntu.com/4008-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook