Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-11599

Good to know:

icon
icon

Date: April 29, 2019

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

Language: C

Severity Score

Related Resources (45)

https://nvd.nist.gov/vuln/detail/CVE-2019-11599
https://security.netapp.com/advisory/ntap-20190517-0002/
http://www.openwall.com/lists/oss-security/2019/04/29/1
https://access.redhat.com/errata/RHSA-2020:0179
https://access.redhat.com/security/cve/CVE-2019-11599
https://www.oracle.com/security-alerts/cpuApr2021.html
https://access.redhat.com/errata/RHSA-2019:2029
http://www.openwall.com/lists/oss-security/2019/04/29/2
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
https://support.f5.com/csp/article/K51674118
https://access.redhat.com/errata/RHSA-2019:2043
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
https://seclists.org/bugtraq/2019/Jun/26
https://usn.ubuntu.com/4095-1/
https://usn.ubuntu.com/4069-2/
https://security-tracker.debian.org/tracker/CVE-2019-11599
https://support.f5.com/csp/article/K51674118?utm_source=f5support&utm_medium=RSS
https://www.debian.org/security/2019/dsa-4465
https://www.exploit-db.com/exploits/46781/
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
https://access.redhat.com/errata/RHSA-2019:3309
http://www.openwall.com/lists/oss-security/2019/04/30/1
https://security.netapp.com/advisory/ntap-20200608-0001/
https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html
https://access.redhat.com/errata/RHSA-2020:0100
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://usn.ubuntu.com/4118-1/
http://www.securityfocus.com/bid/108113
https://support.f5.com/csp/article/K51674118?utm_source=f5support&%3Butm_medium=RSS
https://access.redhat.com/errata/RHSA-2020:0103
https://access.redhat.com/errata/RHSA-2020:0543
https://usn.ubuntu.com/4069-1/
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://seclists.org/bugtraq/2019/Jul/33
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11599
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
https://access.redhat.com/errata/RHSA-2019:3517
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
https://usn.ubuntu.com/4115-1/
https://www.mend.io/vulnerability-database/CVE-2019-11599

Severity Score

Weakness Type (CWE)

Race Conditions

CWE-362

Improper Locking

CWE-667

Top Fix

icon

Upgrade Version

Upgrade to version v5.1-rc6,v3.16.66,v4.14.114,v4.19.37,v4.4.183,v4.9.188,v5.0.10

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us