The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because installexeccreds() is called too late in loadaoutbinary() in fs/binfmtaout.c, and thus the ptracemayaccess() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported