Description
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · textdoslinux
https://www.exploit-db.com/exploits/46781
References (39)
Core 39
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/04/29/2
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/04/29/1
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/04/30/1
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/46781/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108113
Exploit mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4465
Broken Link mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jun/26
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jul/33
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4069-1/
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4069-2/
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2043
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2029
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4095-1/
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4115-1/
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4118-1/
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3309
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3517
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0100
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0103
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0179
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0543
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Mailing List, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
Mailing List, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
Mailing List, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190517-0002/
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K51674118
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K51674118?utm_source=f5support&%3Butm_medium=RSS
Third Party Advisory, VDB Entry x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200608-0001/
Scores
CVSS v3
7.0
EPSS
0.0055
EPSS Percentile
68.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-667
Status
published
Products (1)
linux/linux_kernel
2.16.12 - 3.16.66
Published
Apr 29, 2019
Tracked Since
Feb 18, 2026