CVE-2019-11599

CVSS v3.1 7 (High)

CVSS v2.0 6.9 (Medium)

EPSS 0.05 % (23^th)

Affected Products 1

Advisories 28

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

Weaknesses

CWE-667: Improper Locking

Related CVEs

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-04-29 18:29:00
(5 years ago)
Updated Date: 2024-02-15 15:56:20
(7 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 2.16.12 version and prior 3.16.66 version	cpe:2.3:o:linux:linux_kernel	>= 2.16.12	< 3.16.66
Linux Kernel from 3.17 version and prior 4.4.183 version	cpe:2.3:o:linux:linux_kernel	>= 3.17	< 4.4.183
Linux Kernel from 4.5 version and prior 4.9.188 version	cpe:2.3:o:linux:linux_kernel	>= 4.5	< 4.9.188
Linux Kernel from 4.10 version and prior 4.14.114 version	cpe:2.3:o:linux:linux_kernel	>= 4.10	< 4.14.114
Linux Kernel from 4.15 version and prior 4.19.37 version	cpe:2.3:o:linux:linux_kernel	>= 4.15	< 4.19.37
Linux Kernel from 4.20 version and prior 5.0.10 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.0.10