CVE-2019-3901
MEDIUMLinux Kernel < 4.8 - Information Disclosure via Race Condition in perf_event_open()
Title source: llmDescription
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/89937
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190517-0005/
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901
Scores
CVSS v3
4.7
EPSS
0.0006
EPSS Percentile
19.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-667
Status
published
Products (10)
debian/debian_linux
8.0
linux/linux_kernel
< 4.8
netapp/active_iq_unified_manager_for_vmware_vsphere
9.5
netapp/cn1610_firmware
netapp/hci_management_node
netapp/snapprotect
netapp/solidfire
netapp/storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere
7.2
netapp/vasa_provider_for_clustered_data_ontap
7.2
netapp/virtual_storage_console_for_vmware_vsphere
7.2
Published
Apr 22, 2019
Tracked Since
Feb 18, 2026