CVE-2019-11191
LOWLinux Kernel < 5.0.7 - Race Condition in AOUT Binary Loader
Title source: llmDescription
The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported
References (12)
Core 12
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2019/04/03/4
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2019/04/03/4/1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107887
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/04/18/5
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/05/22/7
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4007-2/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4008-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4006-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4006-2/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4007-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4008-3/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
Scores
CVSS v3
2.5
EPSS
0.0050
EPSS Percentile
38.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-362
Status
published
Products (1)
linux/linux_kernel
< 5.0.7
Published
Apr 12, 2019
Tracked Since
Feb 18, 2026