CVE-2019-13272
17.07.2019, 13:15
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.Enginsight
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 3.16.52 ≤ 𝑥 < 3.16.71 |
| linux | linux_kernel | 4.1.39 ≤ 𝑥 < 4.2 |
| linux | linux_kernel | 4.4.40 ≤ 𝑥 < 4.4.185 |
| linux | linux_kernel | 4.8.16 ≤ 𝑥 < 4.9 |
| linux | linux_kernel | 4.9.1 ≤ 𝑥 < 4.9.185 |
| linux | linux_kernel | 4.10 ≤ 𝑥 < 4.14.133 |
| linux | linux_kernel | 4.15 ≤ 𝑥 < 4.19.58 |
| linux | linux_kernel | 4.20 ≤ 𝑥 < 5.1.17 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_for_arm_64 | 7.0_aarch64:_aarch64 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x:_s390x |
| redhat | enterprise_linux_for_real_time_for_nfv | 8.0 |
| redhat | enterprise_linux_for_real_time_for_nfv_tus | 8.2 |
| redhat | enterprise_linux_for_real_time_for_nfv_tus | 8.4 |
| redhat | enterprise_linux_for_real_time_for_nfv_tus | 8.6 |
| redhat | enterprise_linux_for_real_time_for_nfv_tus | 8.8 |
| redhat | enterprise_linux_for_real_time_tus | 8.2 |
| redhat | enterprise_linux_for_real_time_tus | 8.4 |
| redhat | enterprise_linux_for_real_time_tus | 8.6 |
| redhat | enterprise_linux_for_real_time_tus | 8.8 |
| netapp | aff_a700s_firmware | - |
| netapp | h410c_firmware | - |
| netapp | h610s_firmware | - |
| netapp | active_iq_unified_manager | - |
| netapp | e-series_performance_analyzer | - |
| netapp | e-series_santricity_os_controller | 11.0.0 ≤ 𝑥 ≤ 11.60.3 |
| netapp | hci_management_node | - |
| netapp | service_processor | - |
| netapp | solidfire | - |
| netapp | steelstore_cloud_integrated_storage | - |
| netapp | hci_compute_node | - |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||||||
| linux-aws |
| ||||||||||||
| linux-aws-5.0 |
| ||||||||||||
| linux-aws-hwe |
| ||||||||||||
| linux-azure |
| ||||||||||||
| linux-azure-5.3 |
| ||||||||||||
| linux-azure-edge |
| ||||||||||||
| linux-euclid |
| ||||||||||||
| linux-flo |
| ||||||||||||
| linux-gcp |
| ||||||||||||
| linux-gcp-5.3 |
| ||||||||||||
| linux-gcp-edge |
| ||||||||||||
| linux-gke |
| ||||||||||||
| linux-gke-4.15 |
| ||||||||||||
| linux-gke-5.0 |
| ||||||||||||
| linux-goldfish |
| ||||||||||||
| linux-grouper |
| ||||||||||||
| linux-hwe |
| ||||||||||||
| linux-hwe-edge |
| ||||||||||||
| linux-kvm |
| ||||||||||||
| linux-lts-trusty |
| ||||||||||||
| linux-lts-utopic |
| ||||||||||||
| linux-lts-vivid |
| ||||||||||||
| linux-lts-wily |
| ||||||||||||
| linux-lts-xenial |
| ||||||||||||
| linux-maguro |
| ||||||||||||
| linux-mako |
| ||||||||||||
| linux-manta |
| ||||||||||||
| linux-oem |
| ||||||||||||
| linux-oem-5.4 |
| ||||||||||||
| linux-oem-osp1 |
| ||||||||||||
| linux-oracle |
| ||||||||||||
| linux-oracle-5.0 |
| ||||||||||||
| linux-raspi2 |
| ||||||||||||
| linux-raspi2-5.3 |
| ||||||||||||
| linux-snapdragon |
|
References