CVE-2019-11191
Description
The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported
Risk Information
Base Score
2.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.009
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3931-2) linux-image-aws-hwe_4.15.0.1040.40_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3932-2) linux-image-aws_4.4.0.1044.45_amd64.deb | Linux |
| Linux kernel (USN-3980-1) linux-image-aws_4.18.0.1017.17_amd64.deb | Linux |
| Linux kernel (USN-3980-1) linux-image-gcp_4.18.0.1012.12_amd64.deb | Linux |
| Linux kernel (USN-3980-1) linux-image-gke_4.18.0.1012.12_amd64.deb | Linux |
| Linux kernel (USN-3980-1) linux-image-kvm_4.18.0.1013.13_amd64.deb | Linux |
| Linux kernel (USN-3980-1) linux-image-generic_4.18.0.21.22_i386.deb | Linux |
| Linux kernel (USN-3980-1) linux-image-generic_4.18.0.21.22_amd64.deb | Linux |
| Linux kernel (USN-3980-1) linux-image-lowlatency_4.18.0.21.22_i386.deb | Linux |
| Linux kernel (USN-3980-1) linux-image-lowlatency_4.18.0.21.22_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3980-2) linux-image-generic-hwe-18.04_4.18.0.21.71_i386.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3980-2) linux-image-generic-hwe-18.04_4.18.0.21.71_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3980-2) linux-image-lowlatency-hwe-18.04_4.18.0.21.71_i386.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3980-2) linux-image-lowlatency-hwe-18.04_4.18.0.21.71_amd64.deb | Linux |
| Linux kernel (USN-3981-1) linux-image-aws_4.15.0.1040.39_amd64.deb | Linux |
| Linux kernel (USN-3981-1) linux-image-gcp_4.15.0.1033.35_amd64.deb | Linux |
| Linux kernel (USN-3981-1) linux-image-kvm_4.15.0.1035.35_amd64.deb | Linux |
| Linux kernel (USN-3981-1) linux-image-oracle_4.15.0.1014.17_amd64.deb | Linux |
| Linux kernel (USN-3981-1) linux-image-generic_4.15.0.51.53_i386.deb | Linux |
| Linux kernel (USN-3981-1) linux-image-generic_4.15.0.51.53_amd64.deb | Linux |
| Linux kernel (USN-3981-1) linux-image-lowlatency_4.15.0.51.53_i386.deb | Linux |
| Linux kernel (USN-3981-1) linux-image-lowlatency_4.15.0.51.53_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3981-2) linux-image-oem_4.15.0.51.72_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3981-2) linux-image-oracle_4.15.0.1014.8_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3981-2) linux-image-generic-hwe-16.04_4.15.0.51.72_i386.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3981-2) linux-image-generic-hwe-16.04_4.15.0.51.72_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3981-2) linux-image-virtual-hwe-16.04_4.15.0.51.72_i386.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3981-2) linux-image-virtual-hwe-16.04_4.15.0.51.72_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3981-2) linux-image-lowlatency-hwe-16.04_4.15.0.51.72_i386.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3981-2) linux-image-lowlatency-hwe-16.04_4.15.0.51.72_amd64.deb | Linux |
| Linux kernel (USN-3982-1) linux-image-aws_4.4.0.1084.87_amd64.deb | Linux |
| Linux kernel (USN-3982-1) linux-image-kvm_4.4.0.1047.47_amd64.deb | Linux |
| Linux kernel (USN-3982-1) linux-image-generic_4.4.0.150.158_i386.deb | Linux |
| Linux kernel (USN-3982-1) linux-image-generic_4.4.0.150.158_amd64.deb | Linux |
| Linux kernel (USN-3982-1) linux-image-virtual_4.4.0.150.158_i386.deb | Linux |
| Linux kernel (USN-3982-1) linux-image-virtual_4.4.0.150.158_amd64.deb | Linux |
| Linux kernel (USN-3982-1) linux-image-lowlatency_4.4.0.150.158_i386.deb | Linux |
| Linux kernel (USN-3982-1) linux-image-lowlatency_4.4.0.150.158_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-aws_4.18.0.1017.17_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-gcp_4.18.0.1012.12_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-gke_4.18.0.1012.12_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-kvm_4.18.0.1013.13_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-generic_4.18.0.21.22_i386.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-generic_4.18.0.21.22_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-lowlatency_4.18.0.21.22_i386.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-lowlatency_4.18.0.21.22_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-4.18.0-1012-gcp_4.18.0-1012.13_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-4.18.0-1013-kvm_4.18.0-1013.13_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-4.18.0-1017-aws_4.18.0-1017.19_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-4.18.0-21-generic_4.18.0-21.22_i386.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-4.18.0-21-generic_4.18.0-21.22_amd64.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-4.18.0-21-lowlatency_4.18.0-21.22_i386.deb | Linux |
| Linux kernel (USN-4006-1) linux-image-4.18.0-21-lowlatency_4.18.0-21.22_amd64.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-4006-2) linux-image-4.18.0-21-generic_4.18.0-21.22~18.04.1_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-4006-2) linux-image-4.18.0-21-generic_4.18.0-21.22~18.04.1_amd64.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-4006-2) linux-image-generic-hwe-18.04_4.18.0.21.71_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-4006-2) linux-image-generic-hwe-18.04_4.18.0.21.71_amd64.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-4006-2) linux-image-4.18.0-21-lowlatency_4.18.0-21.22~18.04.1_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-4006-2) linux-image-4.18.0-21-lowlatency_4.18.0-21.22~18.04.1_amd64.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-4006-2) linux-image-lowlatency-hwe-18.04_4.18.0.21.71_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-4006-2) linux-image-lowlatency-hwe-18.04_4.18.0.21.71_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-aws_4.15.0.1040.39_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-gcp_4.15.0.1033.35_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-kvm_4.15.0.1035.35_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-oem_4.15.0.1039.43_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-oracle_4.15.0.1014.17_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-generic_4.15.0.51.53_i386.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-generic_4.15.0.51.53_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-lowlatency_4.15.0.51.53_i386.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-lowlatency_4.15.0.51.53_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-4.15.0-1033-gcp_4.15.0-1033.35_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-4.15.0-1035-kvm_4.15.0-1035.35_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-4.15.0-1039-oem_4.15.0-1039.44_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-4.15.0-1040-aws_4.15.0-1040.42_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-4.15.0-51-generic_4.15.0-51.55_i386.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-4.15.0-51-generic_4.15.0-51.55_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-4.15.0-1014-oracle_4.15.0-1014.16_amd64.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-4.15.0-51-lowlatency_4.15.0-51.55_i386.deb | Linux |
| Linux kernel (USN-4007-1) linux-image-4.15.0-51-lowlatency_4.15.0-51.55_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-oem_4.15.0.51.72_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-oracle_4.15.0.1014.8_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-aws-hwe_4.15.0.1040.40_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-4.15.0-1040-aws_4.15.0-1040.42~16.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-4.15.0-51-generic_4.15.0-51.55~16.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-4.15.0-51-generic_4.15.0-51.55~16.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-generic-hwe-16.04_4.15.0.51.72_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-generic-hwe-16.04_4.15.0.51.72_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-virtual-hwe-16.04_4.15.0.51.72_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-virtual-hwe-16.04_4.15.0.51.72_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-4.15.0-1014-oracle_4.15.0-1014.16~16.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-4.15.0-51-lowlatency_4.15.0-51.55~16.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-4.15.0-51-lowlatency_4.15.0-51.55~16.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-lowlatency-hwe-16.04_4.15.0.51.72_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-4007-2) linux-image-lowlatency-hwe-16.04_4.15.0.51.72_amd64.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-aws_4.4.0.1084.87_amd64.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-kvm_4.4.0.1047.47_amd64.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-generic_4.4.0.150.158_i386.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-generic_4.4.0.150.158_amd64.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-virtual_4.4.0.150.158_i386.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-virtual_4.4.0.150.158_amd64.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-lowlatency_4.4.0.150.158_i386.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-lowlatency_4.4.0.150.158_amd64.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-4.4.0-1047-kvm_4.4.0-1047.53_amd64.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-4.4.0-1084-aws_4.4.0-1084.94_amd64.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-4.4.0-150-generic_4.4.0-150.176_i386.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-4.4.0-150-generic_4.4.0-150.176_amd64.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-4.4.0-150-lowlatency_4.4.0-150.176_i386.deb | Linux |
| Linux kernel (USN-4008-1) linux-image-4.4.0-150-lowlatency_4.4.0-150.176_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234