CVE-2019-11191

EUVD-2019-2895

12.04.2019, 00:29

The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported

Race Condition

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.5 LOW	LOCAL	HIGH	LOW	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	𝑥 ≤ 5.0.7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	unimportant
bookworm (security)	unimportant
bullseye	unimportant
bullseye (security)	unimportant
sid	unimportant
trixie	unimportant

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	Fixed 4.15.0-51.55 released
cosmic	Fixed 4.18.0-21.22 released
disco	not-affected
trusty	ignored
xenial	Fixed 4.4.0-150.176 released

linux-aws

bionic	Fixed 4.15.0-1040.42 released
cosmic	Fixed 4.18.0-1017.19 released
disco	not-affected
trusty	Fixed 4.4.0-1045.48 released
xenial	Fixed 4.4.0-1084.94 released

linux-aws-hwe

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	Fixed 4.15.0-1040.42~16.04.1 released

linux-azure

bionic	Fixed 4.18.0-1019.19~18.04.1 released
cosmic	Fixed 4.18.0-1019.19 released
disco	not-affected
trusty	ignored
xenial	Fixed 4.15.0-1046.50 released

linux-azure-edge

bionic	Fixed 4.18.0-1019.19~18.04.1 released
cosmic	dne
disco	dne
trusty	dne
xenial	Fixed 4.15.0-1046.50 released

linux-euclid

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	ignored

linux-flo

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	ignored

linux-gcp

bionic	Fixed 4.15.0-1033.35 released
cosmic	Fixed 4.18.0-1012.13 released
disco	not-affected
trusty	dne
xenial	Fixed 4.15.0-1033.35~16.04.1 released

linux-gcp-edge

bionic	Fixed 4.15.0-1033.35 released
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-gke

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	ignored

linux-gke-4.15

bionic	Fixed 4.15.0-1033.35 released
disco	dne
trusty	dne
xenial	dne

linux-gke-5.0

bionic	not-affected
disco	dne
trusty	dne
xenial	dne

linux-goldfish

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	ignored

linux-grouper

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-hwe

bionic	Fixed 4.18.0-21.22~18.04.1 released
cosmic	dne
disco	dne
trusty	dne
xenial	Fixed 4.15.0-51.55~16.04.1 released

linux-hwe-edge

bionic	not-affected
cosmic	dne
disco	dne
trusty	dne
xenial	Fixed 4.15.0-51.55~16.04.1 released

linux-kvm

bionic	Fixed 4.15.0-1035.35 released
cosmic	Fixed 4.18.0-1013.13 released
disco	not-affected
trusty	dne
xenial	Fixed 4.4.0-1047.53 released

linux-lts-trusty

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-lts-utopic

bionic	dne
cosmic	dne
disco	dne
trusty	ignored
xenial	dne

linux-lts-vivid

bionic	dne
cosmic	dne
disco	dne
trusty	ignored
xenial	dne

linux-lts-wily

bionic	dne
cosmic	dne
disco	dne
trusty	ignored
xenial	dne

linux-lts-xenial

bionic	dne
cosmic	dne
disco	dne
trusty	Fixed 4.4.0-150.176~14.04.1 released
xenial	dne

linux-maguro

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-mako

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	ignored

linux-manta

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

linux-oem

bionic	Fixed 4.15.0-1039.44 released
cosmic	Fixed 4.15.0-1039.44 released
disco	Fixed 4.15.0-1039.44 released
trusty	dne
xenial	ignored

linux-oracle

bionic	Fixed 4.15.0-1014.16 released
cosmic	Fixed 4.15.0-1014.16 released
disco	Fixed 4.15.0-1014.16 released
trusty	dne
xenial	Fixed 4.15.0-1014.16~16.04.1 released