Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.5
CVSSv3

CVE-2019-11191

Published: 12/04/2019 Updated: 11/04/2024
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 2.5 | Impact Score: 1.4 | Exploitability Score: 1
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Linux Kernel

Vulnerability Summary

The Linux kernel up to and including 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-aws-hwe, linux-hwe, linux-oracle vulnerability
A system hardening measure could be bypassed ...
Ubuntu Security Notice: linux-hwe vulnerability
A system hardening measure could be bypassed ...
Ubuntu Security Notice: linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerability
A system hardening measure could be bypassed ...
Ubuntu Security Notice: apparmor update
Several policy updates were made for running under the recently updated Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerability
A system hardening measure could be bypassed ...
Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2019-11191
Impact: Low Public Date: 2019-04-03 CWE: CWE-362 Bugzilla: 1700007: CVE-2019-11191 kernel: race conditi ...

Mailing Lists

Full Disclosure: Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Linux kernel &lt; 48 local generic ASLR - another CVE-ID <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Vla ...

References

CWE-362https://www.openwall.com/lists/oss-security/2019/04/03/4/1https://www.openwall.com/lists/oss-security/2019/04/03/4http://www.securityfocus.com/bid/107887http://www.openwall.com/lists/oss-security/2019/04/18/5http://www.openwall.com/lists/oss-security/2019/05/22/7https://usn.ubuntu.com/4008-1/https://usn.ubuntu.com/4007-2/https://usn.ubuntu.com/4007-1/https://usn.ubuntu.com/4006-2/https://usn.ubuntu.com/4006-1/https://usn.ubuntu.com/4008-3/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.htmlhttps://nvd.nist.govhttps://usn.ubuntu.com/4008-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook