Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2019-11599: kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

Back to Search

Red Hat OpenShift: CVE-2019-11599: kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
04/29/2019
Created
12/30/2020
Added
12/29/2020
Modified
12/29/2020

Description

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

Solution(s)

  • linuxrpm-upgrade-redhat-coreos

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;