Vulnerability CVE-2019-3901

Vulnerability Name:

CVE-2019-3901 (CCN-159973)

Assigned:

2016-04-25

Published:

2016-04-25

Updated:

2023-02-12

Summary:

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.

CVSS v3 Severity:

4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.6 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
4.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-667

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2019-3901

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 1701245
(CVE-2019-3901) - CVE-2019-3901 kernel: perf_event_open() and execve() race in setuid programs allows a data leak

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
linux-kernel-cve20193901-info-disc(159973)

Source: CCN
Type: Linux Kernel GIT Repository
perf/core: Fix perf_event_open() vs. execve() race

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 6335281 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6601941 (QRadar Network Security)
IBM QRadar Network Security is affected by multiple vulnerabilities in kernel.

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-3901

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:4.7.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:qradar_network_security:5.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_network_security:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.redhat.rhsa:def:20201016	P	RHSA-2020:1016: kernel security, bug fix, and enhancement update (Moderate)	2020-03-31
oval:com.redhat.rhsa:def:20201070	P	RHSA-2020:1070: kernel-rt security and bug fix update (Moderate)	2020-03-31
oval:com.ubuntu.disco:def:201939010000000	V	CVE-2019-3901 on Ubuntu 19.04 (disco) - medium.	2019-04-22
oval:com.ubuntu.cosmic:def:20193901000	V	CVE-2019-3901 on Ubuntu 18.10 (cosmic) - medium.	2019-04-22
oval:com.ubuntu.cosmic:def:201939010000000	V	CVE-2019-3901 on Ubuntu 18.10 (cosmic) - medium.	2019-04-22
oval:com.ubuntu.bionic:def:20193901000	V	CVE-2019-3901 on Ubuntu 18.04 LTS (bionic) - medium.	2019-04-22
oval:com.ubuntu.bionic:def:201939010000000	V	CVE-2019-3901 on Ubuntu 18.04 LTS (bionic) - medium.	2019-04-22
oval:com.ubuntu.xenial:def:20193901000	V	CVE-2019-3901 on Ubuntu 16.04 LTS (xenial) - medium.	2019-04-22
oval:com.ubuntu.xenial:def:201939010000000	V	CVE-2019-3901 on Ubuntu 16.04 LTS (xenial) - medium.	2019-04-22
oval:com.ubuntu.trusty:def:20193901000	V	CVE-2019-3901 on Ubuntu 14.04 LTS (trusty) - medium.	2019-04-22

BACK