{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-11-23T18:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"}, {"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"}, {"name": "FEDORA-2019-a95015e60f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/"}, {"name": "DSA-4484", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4484"}, {"name": "20190722 [SECURITY] [DSA 4484-1] linux security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jul/30"}, {"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jul/33"}, {"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"}, {"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"}, {"name": "RHSA-2019:2405", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2405"}, {"name": "RHSA-2019:2411", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2411"}, {"name": "USN-4093-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4093-1/"}, {"name": "USN-4094-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4095-1/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K91025336"}, {"name": "USN-4117-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4117-1/"}, {"name": "USN-4118-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "RHSA-2019:2809", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2809"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K91025336?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13272", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html"}, {"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"}, {"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"}, {"name": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"}, {"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", "refsource": "MISC", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140671", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"}, {"name": "FEDORA-2019-a95015e60f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/"}, {"name": "DSA-4484", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4484"}, {"name": "20190722 [SECURITY] [DSA 4484-1] linux security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/30"}, {"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/33"}, {"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"}, {"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"}, {"name": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190806-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"}, {"name": "RHSA-2019:2405", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2405"}, {"name": "RHSA-2019:2411", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2411"}, {"name": "USN-4093-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4093-1/"}, {"name": "USN-4094-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4095-1/"}, {"name": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"}, {"name": "https://support.f5.com/csp/article/K91025336", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K91025336"}, {"name": "USN-4117-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4117-1/"}, {"name": "USN-4118-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "RHSA-2019:2809", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2809"}, {"name": "https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS"}, {"name": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html"}, {"name": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html"}, {"name": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:49:24.327Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"}, {"name": "FEDORA-2019-a95015e60f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/"}, {"name": "DSA-4484", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4484"}, {"name": "20190722 [SECURITY] [DSA 4484-1] linux security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jul/30"}, {"name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jul/33"}, {"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"}, {"name": "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"}, {"name": "RHSA-2019:2405", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2405"}, {"name": "RHSA-2019:2411", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2411"}, {"name": "USN-4093-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4093-1/"}, {"name": "USN-4094-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4094-1/"}, {"name": "USN-4095-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4095-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K91025336"}, {"name": "USN-4117-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4117-1/"}, {"name": "USN-4118-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4118-1/"}, {"name": "RHSA-2019:2809", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2809"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K91025336?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13272", "datePublished": "2019-07-17T12:32:55", "dateReserved": "2019-07-04T00:00:00", "dateUpdated": "2024-08-04T23:49:24.327Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-06-10", "cisaExploitAdd": "2021-12-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Linux Kernel Improper Privilege Management Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA88B130-CD8A-4E14-A1F5-4D1DB031D60E", "versionEndExcluding": "3.16.71", "versionStartIncluding": "3.16.52", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD709672-0E6A-4086-8700-B6C2FDD8599C", "versionEndExcluding": "4.2", "versionStartIncluding": "4.1.39", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "19FB5FC5-740B-418F-B83A-3EA6095270C0", "versionEndExcluding": "4.4.185", "versionStartIncluding": "4.4.40", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "66431BA1-01B5-476A-B483-AE4E7B830BA7", "versionEndExcluding": "4.9", "versionStartIncluding": "4.8.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A719867-AEB7-4E95-A1DE-B96EA092D9FE", "versionEndExcluding": "4.9.185", "versionStartIncluding": "4.9.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "00D95A2F-5B17-46D9-80D7-2E0D1779C2CE", "versionEndExcluding": "4.14.133", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F921620B-E2A7-421F-8C89-016C51723C17", "versionEndExcluding": "4.19.58", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7049E422-0D4B-45FD-8B06-04BACD44A66E", "versionEndExcluding": "5.1.17", "versionStartIncluding": "4.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:7.0_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "AA559D29-DF65-48AF-96DB-D20A50474758", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*", "matchCriteriaId": "CBF9BCF3-187F-410A-96CA-9C47D3ED6924", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "782C86CD-1B68-410A-A096-E5170AD24DA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "77C61DDC-81F3-4E2D-9CAA-17A256C85443", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "B6B0DA79-DF12-4418-B075-F048C9E2979A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6D5DE3C5-B090-4CE7-9AF2-DEB379D7D5FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "DF7275A1-8853-469E-939B-7533E9E8C499", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B92409A9-0D6B-4B7E-8847-1B63837D201F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C5C5860E-9FEB-4259-92FD-A85911E2F99E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "CCE99A08-D6F7-4937-8154-65062BC88009", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "665DF1D3-EB88-4A17-B888-3B3CE298269B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", "versionEndIncluding": "11.60.3", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", "matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}, {"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments."}, {"lang": "es", "value": "En el kernel de Linux anterior a versi\u00f3n 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabaci\u00f3n de las credenciales de un proceso que desea crear una relaci\u00f3n de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relaci\u00f3n de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). Un factor que contribuye es un problema de vida \u00fatil del objeto (que tambi\u00e9n puede causar un p\u00e1nico). Otro factor que contribuye es el marcado incorrecto de una relaci\u00f3n de ptrace como privilegiada, que puede ser explotada mediante (por ejemplo) el ayudante pkexec de Polkit con PTRACE_TRACEME. NOTA: deny_ptrace de SELinux puede ser una soluci\u00f3n \u00fatil en algunos entornos."}], "id": "CVE-2019-13272", "lastModified": "2024-07-24T16:51:53.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-17T13:15:10.687", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2405"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2411"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2809"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jul/30"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jul/33"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190806-0001/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K91025336"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K91025336?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4093-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4094-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4095-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4117-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4118-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4484"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:2809", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.12.1.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2405", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-80.7.2.rt9.154.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-08-07T00:00:00Z"}, {"advisory": "RHSA-2019:2411", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-80.7.2.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-08-07T00:00:00Z"}], "bugzilla": {"description": "kernel: broken permission and object lifetime handling for PTRACE_TRACEME", "id": "1730895", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-271", "details": ["In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", "A flaw was found in the way PTRACE_TRACEME functionality was handled in the Linux kernel. The kernel's implementation of ptrace can inadvertently grant elevated permissions to an attacker who can then abuse the relationship between the tracer and the process being traced. This flaw could allow a local, unprivileged user to increase their privileges on the system or cause a denial of service."], "mitigation": {"lang": "en:us", "value": "For mitigation, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4292201"}, "name": "CVE-2019-13272", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "redhat-virtualization-host", "product_name": "Red Hat Virtualization 4"}], "public_date": "2019-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-13272\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13272\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4292201", "threat_severity": "Important", "upstream_fix": "kernel 5.1.17"}