CVE-2019-11599 (NVD)

2019-04-29

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

Products Linux_kernel
Type Improper Locking (CWE-667)
First patch - None (likely due to unavailable code)
Patches https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a
Links https://www.debian.org/security/2019/dsa-4465
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
https://usn.ubuntu.com/4118-1/