Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-11599

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

See the

CVE page on Mitre.org for more details.

References

BID: 108113
BUGTRAQ: 20190618 [SECURITY] [D...
CONFIRM: https://security.netap...
DEBIAN: DSA-4465
EXPLOIT-DB: 46781
MISC: http://packetstormsecu...
MISC: https://bugs.chromium....
MISC: https://cdn.kernel.org...
MISC: https://cdn.kernel.org...
MISC: https://cdn.kernel.org...
MISC: https://git.kernel.org...
MISC: https://github.com/tor...
MLIST: [debian-lts-announce] ...
MLIST: [debian-lts-announce] ...
MLIST: [debian-lts-announce] ...
MLIST: [oss-security] 2019042...
MLIST: [oss-security] 2019042...
MLIST: [oss-security] 2019043...
CONFIRM: https://support.f5.com...
SUSE: openSUSE-SU-2019:1716
SUSE: openSUSE-SU-2019:1757
BUGTRAQ: 20190722 [slackware-se...
UBUNTU: USN-4069-1
MISC: http://packetstormsecu...
UBUNTU: USN-4069-2
REDHAT: RHSA-2019:2029
REDHAT: RHSA-2019:2043
UBUNTU: USN-4095-1
UBUNTU: USN-4115-1
UBUNTU: USN-4118-1
CONFIRM: https://support.f5.com...
REDHAT: RHSA-2019:3309
REDHAT: RHSA-2019:3517
REDHAT: RHSA-2020:0100
REDHAT: RHSA-2020:0103
REDHAT: RHSA-2020:0179
REDHAT: RHSA-2020:0543
CONFIRM: https://security.netap...
MISC: https://www.oracle.com...

Launchpad.net

CVE 2019-11599

Related bugs

References