| Vulnerability Name: | CVE-2019-11191 (CCN-159809) | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2019-04-11 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2019-04-11 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2019-06-17 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | ** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. Note: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported. | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 2.5 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) 2.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
4.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-362 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-11191 Source: SUSE Type: UNKNOWN openSUSE-SU-2019:1570 Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20190418 Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Source: MLIST Type: UNKNOWN [oss-security] 20190522 Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Source: BID Type: Third Party Advisory, VDB Entry 107887 Source: XF Type: UNKNOWN linux-kernel-cve201911191-sec-bypass(159809) Source: CCN Type: oss-sec Mailing List, Thu, 18 Apr 2019 09:40:54 -0400 (EDT) Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Source: UBUNTU Type: UNKNOWN USN-4006-1 Source: UBUNTU Type: UNKNOWN USN-4006-2 Source: UBUNTU Type: UNKNOWN USN-4007-1 Source: UBUNTU Type: UNKNOWN USN-4007-2 Source: UBUNTU Type: UNKNOWN USN-4008-1 Source: UBUNTU Type: UNKNOWN USN-4008-3 Source: CCN Type: Linux Kernel Web site The Linux Kernel Archives Source: MISC Type: Exploit, Mailing List, Third Party Advisory https://www.openwall.com/lists/oss-security/2019/04/03/4 Source: MISC Type: Exploit, Mailing List, Third Party Advisory https://www.openwall.com/lists/oss-security/2019/04/03/4/1 Source: CCN Type: WhiteSource Vulnerability Database CVE-2019-11191 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||