CVE-2019-3901

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3901
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3901.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3901
Related
Published
2019-04-22T16:29:01Z
Modified
2024-09-11T02:00:05Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A race condition in perfeventopen() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the credguardmutex) are held during the ptracemayaccess() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perfeventalloc() actually attaches to it, allowing an attacker to bypass the ptracemayaccess() check and the perfeventexittask(current) call that is performed in installexec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}