Home

CVE-2019-19126

Description

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

Risk Information

Base Score
3.3
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.024

Associated Vulnerability

VulnerabilityOS Platform
GNU C Library (USN-4416-1) libc6_2.27-3ubuntu1.2_i386.debLinux
GNU C Library (USN-4416-1) libc6_2.27-3ubuntu1.2_amd64.debLinux
GNU C Library (USN-4416-1) libc6_2.30-0ubuntu2.2_i386.debLinux
GNU C Library (USN-4416-1) libc6_2.30-0ubuntu2.2_amd64.debLinux
GNU C Library (USN-4416-1) libc6_2.23-0ubuntu11.2_i386.debLinux
GNU C Library (USN-4416-1) libc6_2.23-0ubuntu11.2_amd64.debLinux
(RHSA-2020:3861) glibc security, bug fix, and enhancement update glibc-2.17-317.el7.i686.rpmLinux
(RHSA-2020:3861) glibc security, bug fix, and enhancement update glibc-2.17-317.el7.x86_64.rpmLinux
(RHSA-2020:3861) glibc security, bug fix, and enhancement update glibc-common-2.17-317.el7.x86_64.rpmLinux
(RHSA-2020:3861) glibc security, bug fix, and enhancement update glibc-devel-2.17-317.el7.i686.rpmLinux
(RHSA-2020:3861) glibc security, bug fix, and enhancement update glibc-devel-2.17-317.el7.x86_64.rpmLinux
(RHSA-2020:3861) glibc security, bug fix, and enhancement update glibc-headers-2.17-317.el7.x86_64.rpmLinux
(RHSA-2020:3861) glibc security, bug fix, and enhancement update glibc-static-2.17-317.el7.i686.rpmLinux
(RHSA-2020:3861) glibc security, bug fix, and enhancement update glibc-static-2.17-317.el7.x86_64.rpmLinux
(RHSA-2020:3861) glibc security, bug fix, and enhancement update glibc-utils-2.17-317.el7.x86_64.rpmLinux
(RHSA-2020:3861) glibc security, bug fix, and enhancement update nscd-2.17-317.el7.x86_64.rpmLinux
Improper Initialization Vulnerability (CVE-2019-19126)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234