CVE-2019-19241

HIGH

Linux kernel <5.4.2 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-19241. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a race condition in io_uring's IORING_OP_SENDMSG to escalate privileges by forcing a kernel worker thread to execute sendmsg() with root credentials. The PoC demonstrates adding an IPv4 address to the loopback interface without required privileges.

Description

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textlocallinux
https://www.exploit-db.com/exploits/47779

This exploit leverages a race condition in io_uring's IORING_OP_SENDMSG to escalate privileges by forcing a kernel worker thread to execute sendmsg() with root credentials. The PoC demonstrates adding an IPv4 address to the loopback interface without required privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Linux Kernel 5.3 with io_uring support
No auth needed
Prerequisites: Unprivileged user access · Linux Kernel 5.3 or later with io_uring enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 7.8
EPSS 0.0109
EPSS Percentile 61.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
linux/linux_kernel < 5.4.2
Published Dec 17, 2019
Tracked Since Feb 18, 2026