CVE-2019-13272

CVSS v3.1 7.8 (High)
CVSS v2.0 7.2 (High)
EPSS 0.27% (68th percentile)
Affected Products 25
Advisories 32
NVD Status Analyzed

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
MITRE
Published Date
2019-07-17 13:15:10
(5 years ago)
Updated Date
2024-07-24 16:51:53
(7 weeks ago)
Linux Kernel Improper Privilege Management Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Kernel/ptrace.c in the Linux kernel contains an improper privilege management vulnerability that allows local users to obtain root access.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-13272
Vendor
Linux
Product
Kernel
In CISA Catalog from
2021-12-10
(2 years ago)
Due Date
2022-06-10
(2 years ago)

Affected Products


Configuration #1

  Product       Version range              CPE 2.3
  Linux Kernel  >= 3.16.52 and < 3.16.71   cpe:2.3:o:linux:linux_kernel
  Linux Kernel  >= 4.1.39 and < 4.2        cpe:2.3:o:linux:linux_kernel
  Linux Kernel  >= 4.4.40 and < 4.4.185    cpe:2.3:o:linux:linux_kernel
  Linux Kernel  >= 4.8.16 and < 4.9        cpe:2.3:o:linux:linux_kernel
  Linux Kernel  >= 4.9.1 and < 4.9.185     cpe:2.3:o:linux:linux_kernel
  Linux Kernel  >= 4.10 and < 4.14.133     cpe:2.3:o:linux:linux_kernel
  Linux Kernel  >= 4.15 and < 4.19.58      cpe:2.3:o:linux:linux_kernel
  Linux Kernel  >= 4.20 and < 5.1.17       cpe:2.3:o:linux:linux_kernel

Configuration #2

  Product       Version   CPE 2.3
  Debian Linux  8.0       cpe:2.3:o:debian:debian_linux:8.0
  Debian Linux  9.0       cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux  10.0      cpe:2.3:o:debian:debian_linux:10.0

Configuration #3

  Product               Version   CPE 2.3
  Fedoraproject Fedora  29        cpe:2.3:o:fedoraproject:fedora:29

Configuration #4

  Product                 Version      CPE 2.3
  Canonical Ubuntu Linux  16.04 (ESM)  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm
  Canonical Ubuntu Linux  18.04 (ESM)  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm
  Canonical Ubuntu Linux  19.04        cpe:2.3:o:canonical:ubuntu_linux:19.04

Configuration #5

  Product                                                 Version      CPE 2.3
  Redhat Enterprise Linux                                 7.0          cpe:2.3:o:redhat:enterprise_linux:7.0
  Redhat Enterprise Linux                                 8.0          cpe:2.3:o:redhat:enterprise_linux:8.0
  Redhat Enterprise Linux for Arm 64                      7.0 aarch64  cpe:2.3:o:redhat:enterprise_linux_for_arm_64:7.0_aarch64
  Redhat Enterprise Linux for Ibm Z Systems               7.0 s390x    cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x
  Redhat Enterprise Linux for Real Time                   8            cpe:2.3:o:redhat:enterprise_linux_for_real_time:8
  Redhat Enterprise Linux for Real Time for NFV           8.0          cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0
  Redhat Enterprise Linux for Real Time for NFV TUS       8.2          cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2
  Redhat Enterprise Linux for Real Time for NFV TUS       8.4          cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4
  Redhat Enterprise Linux for Real Time for NFV TUS       8.6          cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6
  Redhat Enterprise Linux for Real Time for NFV TUS       8.8          cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.8
  Redhat Enterprise Linux for Real Time TUS               8.2          cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2
  Redhat Enterprise Linux for Real Time TUS               8.4          cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4
  Redhat Enterprise Linux for Real Time TUS               8.6          cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6
  Redhat Enterprise Linux for Real Time TUS               8.8          cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.8

Configuration #6 (firmware AND the hardware it runs on)

  Product                    CPE 2.3
  Netapp Aff A700s Firmware  cpe:2.3:o:netapp:aff_a700s_firmware:-
  running on/with
  Netapp Aff A700s           cpe:2.3:h:netapp:aff_a700s:-

Configuration #7 (firmware AND the hardware it runs on)

  Product                 CPE 2.3
  Netapp H410c Firmware   cpe:2.3:o:netapp:h410c_firmware:-
  running on/with
  Netapp H410c            cpe:2.3:h:netapp:h410c:-

Configuration #8 (firmware AND the hardware it runs on)

  Product                 CPE 2.3
  Netapp H610s Firmware   cpe:2.3:o:netapp:h610s_firmware:-
  running on/with
  Netapp H610s            cpe:2.3:h:netapp:h610s:-

Configuration #9

  Product                                              Version range               CPE 2.3
  Netapp Active Iq Unified Manager for Vmware Vsphere  all                         cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere
  Netapp E-series Performance Analyzer                 all                         cpe:2.3:a:netapp:e-series_performance_analyzer:-
  Netapp E-series Santricity Os Controller             >= 11.0.0 and <= 11.60.3    cpe:2.3:a:netapp:e-series_santricity_os_controller
  Netapp Hci Management Node                           all                         cpe:2.3:a:netapp:hci_management_node:-
  Netapp Service Processor                             all                         cpe:2.3:a:netapp:service_processor:-
  Netapp Solidfire                                     all                         cpe:2.3:a:netapp:solidfire:-
  Netapp Steelstore Cloud Integrated Storage           all                         cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-
  Netapp Hci Compute Node                              all                         cpe:2.3:h:netapp:hci_compute_node:-