CVE-2019-11191

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.5 LOW
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
linuxlinux_kernel
𝑥
≤ 5.0.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
unimportant
bullseye (security)
unimportant
bookworm
unimportant
bookworm (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
disco
not-affected
cosmic
Fixed 4.18.0-21.22
released
bionic
Fixed 4.15.0-51.55
released
xenial
Fixed 4.4.0-150.176
released
trusty
ignored
linux-aws
disco
not-affected
cosmic
Fixed 4.18.0-1017.19
released
bionic
Fixed 4.15.0-1040.42
released
xenial
Fixed 4.4.0-1084.94
released
trusty
Fixed 4.4.0-1045.48
released
linux-aws-hwe
disco
dne
cosmic
dne
bionic
dne
xenial
Fixed 4.15.0-1040.42~16.04.1
released
trusty
dne
linux-azure
disco
not-affected
cosmic
Fixed 4.18.0-1019.19
released
bionic
Fixed 4.18.0-1019.19~18.04.1
released
xenial
Fixed 4.15.0-1046.50
released
trusty
ignored
linux-azure-edge
disco
dne
cosmic
dne
bionic
Fixed 4.18.0-1019.19~18.04.1
released
xenial
Fixed 4.15.0-1046.50
released
trusty
dne
linux-euclid
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-flo
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-gcp
disco
not-affected
cosmic
Fixed 4.18.0-1012.13
released
bionic
Fixed 4.15.0-1033.35
released
xenial
Fixed 4.15.0-1033.35~16.04.1
released
trusty
dne
linux-gcp-edge
disco
dne
cosmic
dne
bionic
Fixed 4.15.0-1033.35
released
xenial
dne
trusty
dne
linux-gke
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-gke-4.15
disco
dne
bionic
Fixed 4.15.0-1033.35
released
xenial
dne
trusty
dne
linux-gke-5.0
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-goldfish
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-grouper
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-hwe
disco
dne
cosmic
dne
bionic
Fixed 4.18.0-21.22~18.04.1
released
xenial
Fixed 4.15.0-51.55~16.04.1
released
trusty
dne
linux-hwe-edge
disco
dne
cosmic
dne
bionic
not-affected
xenial
Fixed 4.15.0-51.55~16.04.1
released
trusty
dne
linux-kvm
disco
not-affected
cosmic
Fixed 4.18.0-1013.13
released
bionic
Fixed 4.15.0-1035.35
released
xenial
Fixed 4.4.0-1047.53
released
trusty
dne
linux-lts-trusty
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-utopic
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
ignored
linux-lts-vivid
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
ignored
linux-lts-wily
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
ignored
linux-lts-xenial
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
Fixed 4.4.0-150.176~14.04.1
released
linux-maguro
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-mako
disco
dne
cosmic
dne
bionic
dne
xenial
ignored
trusty
dne
linux-manta
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem
disco
Fixed 4.15.0-1039.44
released
cosmic
Fixed 4.15.0-1039.44
released
bionic
Fixed 4.15.0-1039.44
released
xenial
ignored
trusty
dne
linux-oracle
disco
Fixed 4.15.0-1014.16
released
cosmic
Fixed 4.15.0-1014.16
released
bionic
Fixed 4.15.0-1014.16
released
xenial
Fixed 4.15.0-1014.16~16.04.1
released
trusty
dne
linux-raspi2
disco
not-affected
cosmic
Fixed 4.18.0-1015.17
released
bionic
Fixed 4.15.0-1037.39
released
xenial
Fixed 4.4.0-1110.118
released
trusty
dne
linux-snapdragon
disco
not-affected
cosmic
dne
bionic
Fixed 4.15.0-1054.58
released
xenial
Fixed 4.4.0-1114.119
released
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
http://www.openwall.com/lists/oss-security/2019/04/18/5
http://www.openwall.com/lists/oss-security/2019/05/22/7
http://www.securityfocus.com/bid/107887
https://usn.ubuntu.com/4006-1/
https://usn.ubuntu.com/4006-2/
https://usn.ubuntu.com/4007-1/
https://usn.ubuntu.com/4007-2/
https://usn.ubuntu.com/4008-1/
https://usn.ubuntu.com/4008-3/
https://www.openwall.com/lists/oss-security/2019/04/03/4
https://www.openwall.com/lists/oss-security/2019/04/03/4/1
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
http://www.openwall.com/lists/oss-security/2019/04/18/5
http://www.openwall.com/lists/oss-security/2019/05/22/7
http://www.securityfocus.com/bid/107887
https://usn.ubuntu.com/4006-1/
https://usn.ubuntu.com/4006-2/
https://usn.ubuntu.com/4007-1/
https://usn.ubuntu.com/4007-2/
https://usn.ubuntu.com/4008-1/
https://usn.ubuntu.com/4008-3/
https://www.openwall.com/lists/oss-security/2019/04/03/4
https://www.openwall.com/lists/oss-security/2019/04/03/4/1