CVE-2019-3901
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-3901
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3901.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-3901
- Related
- Published
- 2019-04-22T16:29:01Z
- Modified
- 2024-09-18T01:00:21Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A race condition in perfeventopen() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the credguardmutex) are held during the ptracemayaccess() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perfeventalloc() actually attaches to it, allowing an attacker to bypass the ptracemayaccess() check and the perfeventexittask(current) call that is performed in installexec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
- References
-
- http://www.securityfocus.com/bid/89937
- https://security.netapp.com/advisory/ntap-20190517-0005/
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901
- https://security-tracker.debian.org/tracker/CVE-2019-3901
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source