ID

VAR-201907-1641


CVE

CVE-2019-13272


TITLE

Linux Kernel Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-006727

DESCRIPTION

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
The Linux kernel contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS).
8) - aarch64, noarch, ppc64le, s390x, x86_64 3.
For the oldstable distribution (stretch), this problem has been fixed in version 4.9.168-1+deb9u4. For the stable distribution (buster), this problem has been fixed in version 4.19.37-5+deb10u1. This update includes as well a patch for a regression introduced by the original fix for CVE-2019-11478 (#930904).
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
Red Hat Security Advisory
Synopsis: Important: kernel-rt security update
Advisory ID: RHSA-2019:2405-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2405
Issue date: 2019-08-07
CVE Names: CVE-2019-1125 CVE-2019-13272
1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Real Time (v. 8) - x86_64 Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1724389 - CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability 1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME 6. Package List: Red Hat Enterprise Linux Real Time for NFV (v. 
8): Source: kernel-rt-4.18.0-80.7.2.rt9.154.el8_0.src.rpm x86_64: kernel-rt-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-core-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-core-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-devel-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-kvm-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-kvm-debuginfo-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-modules-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debuginfo-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-devel-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-kvm-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-kvm-debuginfo-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-modules-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-modules-extra-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm Red Hat Enterprise Linux Real Time (v. 
8): Source: kernel-rt-4.18.0-80.7.2.rt9.154.el8_0.src.rpm x86_64: kernel-rt-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-core-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-core-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-devel-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-kvm-debuginfo-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-modules-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debuginfo-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-devel-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-kvm-debuginfo-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-modules-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm kernel-rt-modules-extra-4.18.0-80.7.2.rt9.154.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. ========================================================================= Ubuntu Security Notice USN-4094-1 August 13, 2019 linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. 
Software Description: - linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. 
An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). 
(CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor.
A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23 linux-image-4.15.0-1040-gcp 4.15.0-1040.42 linux-image-4.15.0-1040-gke 4.15.0-1040.42 linux-image-4.15.0-1042-kvm 4.15.0-1042.42 linux-image-4.15.0-1043-raspi2 4.15.0-1043.46 linux-image-4.15.0-1050-oem 4.15.0-1050.57 linux-image-4.15.0-1060-snapdragon 4.15.0-1060.66 linux-image-4.15.0-58-generic 4.15.0-58.64 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64 linux-image-4.15.0-58-lowlatency 4.15.0-58.64 linux-image-gcp 4.15.0.1040.42 linux-image-generic 4.15.0.58.60 linux-image-generic-lpae 4.15.0.58.60 linux-image-gke 4.15.0.1040.43 linux-image-gke-4.15 4.15.0.1040.43 linux-image-kvm 4.15.0.1042.42 linux-image-lowlatency 4.15.0.58.60 linux-image-oem 4.15.0.1050.54 linux-image-oracle 4.15.0.1021.24 linux-image-powerpc-e500mc 4.15.0.58.60 linux-image-powerpc-smp 4.15.0.58.60 linux-image-powerpc64-emb 4.15.0.58.60 linux-image-powerpc64-smp 4.15.0.58.60 linux-image-raspi2 4.15.0.1043.41 linux-image-snapdragon 4.15.0.1060.63 linux-image-virtual 4.15.0.58.60 Ubuntu 16.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23~16.04.1 linux-image-4.15.0-1040-gcp 4.15.0-1040.42~16.04.1 linux-image-4.15.0-1055-azure 4.15.0-1055.60 linux-image-4.15.0-58-generic 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-lowlatency 4.15.0-58.64~16.04.1 linux-image-azure 4.15.0.1055.58 linux-image-gcp 4.15.0.1040.54 linux-image-generic-hwe-16.04 4.15.0.58.79 
linux-image-generic-lpae-hwe-16.04 4.15.0.58.79 linux-image-gke 4.15.0.1040.54 linux-image-lowlatency-hwe-16.04 4.15.0.58.79 linux-image-oem 4.15.0.58.79 linux-image-oracle 4.15.0.1021.15 linux-image-virtual-hwe-16.04 4.15.0.58.79 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4094-1 CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617, CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856, CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846 Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42 https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66 https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1 
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1
[slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.182/*: Upgraded. These updates fix various bugs and many minor security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see:
Fixed in 4.4.183: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3892
Fixed in 4.4.185: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13272 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16597
Fixed in 4.4.186: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10126 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-firmware-20190717_bf13a71-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-generic-4.4.186-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-generic-smp-4.4.186_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-headers-4.4.186_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-huge-4.4.186-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-huge-smp-4.4.186_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-modules-4.4.186-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-modules-smp-4.4.186_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-source-4.4.186_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-firmware-20190717_bf13a71-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-generic-4.4.186-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-headers-4.4.186-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-huge-4.4.186-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-modules-4.4.186-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-source-4.4.186-noarch-1.txz MD5 signatures: +-------------+ Slackware 14.2 packages: 
Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.186-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.186 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a".
If you see SMP there, you are running the SMP kernel and should use the 4.4.186-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.186 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
(CVE-2019-13272) Update instructions: The problem can be corrected by updating your livepatches to the following versions:
| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-148.174            | 54.1     | lowlatency, generic      |
| 4.4.0-150.176            | 54.1     | generic, lowlatency      |
| 4.4.0-151.178            | 54.1     | lowlatency, generic      |
| 4.4.0-154.181            | 54.1     | lowlatency, generic      |
| 4.4.0-157.185            | 54.1     | lowlatency, generic      |
| 4.15.0-50.54             | 54.2     | generic, lowlatency      |
| 4.15.0-50.54~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-51.55             | 54.2     | generic, lowlatency      |
| 4.15.0-51.55~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-52.56             | 54.2     | lowlatency, generic      |
| 4.15.0-52.56~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-54.58             | 54.2     | generic, lowlatency      |
| 4.15.0-54.58~16.04.1     | 54.2     | generic, lowlatency      |
| 4.15.0-55.60             | 54.2     | generic, lowlatency      |
References: CVE-2018-1129, CVE-2019-2101, CVE-2019-3846, CVE-2019-10126, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13272

Trust: 2.43

sources: NVD: CVE-2019-13272 // JVNDB: JVNDB-2019-006727 // VULMON: CVE-2019-13272 // PACKETSTORM: 154044 // PACKETSTORM: 153972 // PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 153970 // PACKETSTORM: 154043 // PACKETSTORM: 153702 // PACKETSTORM: 154245

AFFECTED PRODUCTS

vendor: linux, model: kernel, scope: lt, version: 5.1.17

Trust: 1.8

vendor: netapp, model: service processor, scope: eq, version: -

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 7.0

Trust: 1.0

vendor: redhat, model: enterprise linux for arm 64, scope: eq, version: 7.0_aarch64

Trust: 1.0

vendor: netapp, model: hci management node, scope: eq, version: -

Trust: 1.0

vendor: redhat, model: enterprise linux for real time tus, scope: eq, version: 8.4

Trust: 1.0

vendor: linux, model: kernel, scope: gte, version: 4.15

Trust: 1.0

vendor: netapp, model: e-series santricity os controller, scope: gte, version: 11.0.0

Trust: 1.0

vendor: linux, model: kernel, scope: lt, version: 4.14.133

Trust: 1.0

vendor: linux, model: kernel, scope: gte, version: 3.16.52

Trust: 1.0

vendor: redhat, model: enterprise linux for real time tus, scope: eq, version: 8.2

Trust: 1.0

vendor: redhat, model: enterprise linux for real time for nfv tus, scope: eq, version: 8.4

Trust: 1.0

vendor: linux, model: kernel, scope: gte, version: 4.8.16

Trust: 1.0

vendor: linux, model: kernel, scope: lt, version: 4.2

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 8.0

Trust: 1.0

vendor: redhat, model: enterprise linux for real time tus, scope: eq, version: 8.8

Trust: 1.0

vendor: linux, model: kernel, scope: gte, version: 4.1.39

Trust: 1.0

vendor: redhat, model: enterprise linux for real time for nfv tus, scope: eq, version: 8.2

Trust: 1.0

vendor: linux, model: kernel, scope: gte, version: 4.20

Trust: 1.0

vendor: redhat, model: enterprise linux for real time for nfv tus, scope: eq, version: 8.8

Trust: 1.0

vendor: netapp, model: steelstore cloud integrated storage, scope: eq, version: -

Trust: 1.0

vendor: netapp, model: hci compute node, scope: eq, version: -

Trust: 1.0

vendor: linux, model: kernel, scope: lt, version: 4.19.58

Trust: 1.0

vendor: linux, model: kernel, scope: gte, version: 4.4.40

Trust: 1.0

vendor: linux, model: kernel, scope: lt, version: 3.16.71

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 16.04

Trust: 1.0

vendor: netapp, model: h410c, scope: eq, version: -

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 29

Trust: 1.0

vendor: netapp, model: aff a700s, scope: eq, version: -

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 8.0

Trust: 1.0

vendor: netapp, model: h610s, scope: eq, version: -

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 19.04

Trust: 1.0

vendor: linux, model: kernel, scope: gte, version: 4.10

Trust: 1.0

vendor: redhat, model: enterprise linux for real time tus, scope: eq, version: 8.6

Trust: 1.0

vendor: linux, model: kernel, scope: lt, version: 4.4.185

Trust: 1.0

vendor: linux, model: kernel, scope: gte, version: 4.9.1

Trust: 1.0

vendor: netapp, model: e-series santricity os controller, scope: lte, version: 11.60.3

Trust: 1.0

vendor: netapp, model: e-series performance analyzer, scope: eq, version: -

Trust: 1.0

vendor: linux, model: kernel, scope: lt, version: 4.9

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.04

Trust: 1.0

vendor: redhat, model: enterprise linux for real time, scope: eq, version: 8

Trust: 1.0

vendor: redhat, model: enterprise linux for real time for nfv tus, scope: eq, version: 8.6

Trust: 1.0

vendor: redhat, model: enterprise linux for real time for nfv, scope: eq, version: 8.0

Trust: 1.0

vendor: netapp, model: solidfire, scope: eq, version: -

Trust: 1.0

vendor: netapp, model: active iq unified manager, scope: eq, version: -

Trust: 1.0

vendor: redhat, model: enterprise linux for ibm z systems, scope: eq, version: 7.0_s390x

Trust: 1.0

vendor: linux, model: kernel, scope: lt, version: 4.9.185

Trust: 1.0

vendor: debian, model: gnu/linux, scope: -, version: -

Trust: 0.8

vendor: fedora, model: fedora, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-006727 // NVD: CVE-2019-13272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13272
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2019-13272
value: HIGH

Trust: 1.0

NVD: CVE-2019-13272
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-809
value: HIGH

Trust: 0.6

VULMON: CVE-2019-13272
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13272
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2019-13272
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2019-13272
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-13272 // JVNDB: JVNDB-2019-006727 // CNNVD: CNNVD-201907-809 // NVD: CVE-2019-13272 // NVD: CVE-2019-13272

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2019-006727 // NVD: CVE-2019-13272

THREAT TYPE

local

Trust: 1.0

sources: PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 154043 // PACKETSTORM: 154245 // CNNVD: CNNVD-201907-809

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201907-809

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:debian:debian_linux"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:fedoraproject:fedora"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:linux:linux_kernel"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2019-006727

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2019-13272

PATCH

title:ChangeLog-5.1.17
url:https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17

Trust: 0.8

title:[SECURITY] [DLA 1862-1] linux security update
url:https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html

Trust: 0.8

title:[SECURITY] [DLA 1863-1] linux-4.9 security update
url:https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html

Trust: 0.8

title:DSA-4484
url:https://www.debian.org/security/2019/dsa-4484

Trust: 0.8

title:FEDORA-2019-a95015e60f
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/

Trust: 0.8

title:ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
url:https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee

Trust: 0.8

title:Linux Kernel Archives
url:http://www.kernel.org

Trust: 0.8

title:ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
url:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee

Trust: 0.8

title:Red Hat: Important: kernel security update
url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192411 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel-rt security update
url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192405 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4484-1 linux -- security update
url:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=f7aec913c227117e479ebfa6af2b1b9a

Trust: 0.1

title:Red Hat: CVE-2019-13272
url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-13272

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
url:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4093-1

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
url:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4095-1

Trust: 0.1

title:Ubuntu Security Notice: linux-aws vulnerabilities
url:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4117-1

Trust: 0.1

title:IBM: IBM Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925
url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=d9cd8f6d11c68af77f2f2bd27ca37bed

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
url:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4094-1

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (March 2021)
url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=afc44ca312a83d419e062241c4789aae

Trust: 0.1

title:Ubuntu Security Notice: linux-aws vulnerabilities
url:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4118-1

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisory
url:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:CVE-2019-13272 - Pkexec Local Privilege Escalation
url:https://github.com/asepsaepdin/CVE-2019-13272

Trust: 0.1

sources: VULMON: CVE-2019-13272 // JVNDB: JVNDB-2019-006727

EXTERNAL IDS

db:NVD id:CVE-2019-13272

Trust: 3.3

db:PACKETSTORM id:153702

Trust: 1.7

db:PACKETSTORM id:154245

Trust: 1.7

db:PACKETSTORM id:153663

Trust: 1.6

db:PACKETSTORM id:156929

Trust: 1.6

db:PACKETSTORM id:154957

Trust: 1.6

db:PACKETSTORM id:165051

Trust: 1.6

db:JVNDB id:JVNDB-2019-006727

Trust: 0.8

db:AUSCERT id:ESB-2019.4646

Trust: 0.6

db:AUSCERT id:ESB-2019.2704

Trust: 0.6

db:AUSCERT id:ESB-2019.4346

Trust: 0.6

db:AUSCERT id:ESB-2019.4252

Trust: 0.6

db:AUSCERT id:ESB-2019.2749

Trust: 0.6

db:AUSCERT id:ESB-2019.4346.2

Trust: 0.6

db:EXPLOIT-DB id:50541

Trust: 0.6

db:EXPLOIT-DB id:47163

Trust: 0.6

db:EXPLOIT-DB id:47133

Trust: 0.6

db:LENOVO id:LEN-29592

Trust: 0.6

db:CNNVD id:CNNVD-201907-809

Trust: 0.6

db:VULMON id:CVE-2019-13272

Trust: 0.1

db:PACKETSTORM id:154044

Trust: 0.1

db:PACKETSTORM id:153972

Trust: 0.1

db:PACKETSTORM id:154045

Trust: 0.1

db:PACKETSTORM id:153699

Trust: 0.1

db:PACKETSTORM id:153970

Trust: 0.1

db:PACKETSTORM id:154043

Trust: 0.1

sources: VULMON: CVE-2019-13272 // JVNDB: JVNDB-2019-006727 // PACKETSTORM: 154044 // PACKETSTORM: 153972 // PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 153970 // PACKETSTORM: 154043 // PACKETSTORM: 153702 // PACKETSTORM: 154245 // CNNVD: CNNVD-201907-809 // NVD: CVE-2019-13272

REFERENCES

url:https://bugs.chromium.org/p/project-zero/issues/detail?id=1903

Trust: 2.4

url:https://bugzilla.redhat.com/show_bug.cgi?id=1730895

Trust: 2.4

url:https://bugzilla.suse.com/show_bug.cgi?id=1140671

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13272

Trust: 2.2

url:http://packetstormsecurity.com/files/165051/linux-kernel-5.1.x-ptrace_traceme-pkexec-local-privilege-escalation.html

Trust: 2.2

url:http://packetstormsecurity.com/files/153663/linux-ptrace_traceme-broken-permission-object-lifetime-handling.html

Trust: 2.2

url:http://packetstormsecurity.com/files/156929/linux-ptrace_traceme-local-root.html

Trust: 2.2

url:https://www.debian.org/security/2019/dsa-4484

Trust: 2.2

url:http://packetstormsecurity.com/files/153702/slackware-security-advisory-slackware-14.2-kernel-updates.html

Trust: 2.2

url:https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html

Trust: 2.2

url:https://access.redhat.com/errata/rhsa-2019:2411

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2019:2405

Trust: 1.7

url:http://packetstormsecurity.com/files/154957/linux-polkit-pkexec-helper-ptrace_traceme-local-root.html

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20190806-0001/

Trust: 1.6

url:https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.1.17

Trust: 1.6

url:https://support.f5.com/csp/article/k91025336

Trust: 1.6

url:https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html

Trust: 1.6

url:https://seclists.org/bugtraq/2019/jul/30

Trust: 1.6

url:https://usn.ubuntu.com/4094-1/

Trust: 1.6

url:https://seclists.org/bugtraq/2019/jul/33

Trust: 1.6

url:https://access.redhat.com/errata/rhsa-2019:2809

Trust: 1.6

url:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee

Trust: 1.6

url:https://usn.ubuntu.com/4117-1/

Trust: 1.6

url:https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee

Trust: 1.6

url:https://usn.ubuntu.com/4093-1/

Trust: 1.6

url:https://usn.ubuntu.com/4095-1/

Trust: 1.6

url:http://packetstormsecurity.com/files/154245/kernel-live-patch-security-notice-lsn-0054-1.html

Trust: 1.6

url:https://usn.ubuntu.com/4118-1/

Trust: 1.6

url:https://support.f5.com/csp/article/k91025336?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13272

Trust: 0.9

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/

Trust: 0.6

url:https://support.f5.com/csp/article/k91025336?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html

Trust: 0.6

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193255-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193252-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193249-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193248-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193247-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193258-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193260-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193261-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193263-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193246-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2704/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2749/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4646/

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-29592

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4252/

Trust: 0.6

url:https://www.exploit-db.com/exploits/50541

Trust: 0.6

url:https://www.exploit-db.com/exploits/47133

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-ptrace-link-29820

Trust: 0.6

url:https://www.exploit-db.com/exploits/47163

Trust: 0.6

url:https://packetstormsecurity.com/files/153663/linux-ptrace/traceme-broken-permission-object-lifetime-handling.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346.2/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-1125

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-10126

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-3846

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-12614

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-12984

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11599

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-5383

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-1125

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13272

Trust: 0.2

url:https://bugzilla.redhat.com/

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/4329821

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13233

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12818

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-2101

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12819

Trust: 0.2

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1054.61

Trust: 0.1

url:https://usn.ubuntu.com/4095-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.4.0-159.187

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1122.128

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1090.101

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1118.127

Trust: 0.1

url:https://usn.ubuntu.com/4093-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1013.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1013.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-25.26~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1018.19

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1014.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1014.14~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.0.0-25.26

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1014.14

Trust: 0.1

url:https://security-tracker.debian.org/tracker/linux

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16862

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2024

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14610

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20856

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13098

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14609

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13093

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20169

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14614

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13053

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42

Trust: 0.1

url:https://usn.ubuntu.com/4094-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13099

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20511

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13100

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-13096

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14617

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16597

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3892

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10126

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16597

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3892

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11599

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3846

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1129

Trust: 0.1

url:https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Trust: 0.1

sources: JVNDB: JVNDB-2019-006727 // PACKETSTORM: 154044 // PACKETSTORM: 153972 // PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 153970 // PACKETSTORM: 154043 // PACKETSTORM: 153702 // PACKETSTORM: 154245 // CNNVD: CNNVD-201907-809 // NVD: CVE-2019-13272

CREDITS

Google Security Research, Ventsislav Varbanovski, Metasploit, nu11secur1ty, Jann Horn, bcoles

Trust: 0.6

sources: CNNVD: CNNVD-201907-809

SOURCES

db:VULMON id:CVE-2019-13272
db:JVNDB id:JVNDB-2019-006727
db:PACKETSTORM id:154044
db:PACKETSTORM id:153972
db:PACKETSTORM id:154045
db:PACKETSTORM id:153699
db:PACKETSTORM id:153970
db:PACKETSTORM id:154043
db:PACKETSTORM id:153702
db:PACKETSTORM id:154245
db:CNNVD id:CNNVD-201907-809
db:NVD id:CVE-2019-13272

LAST UPDATE DATE

2025-05-10T19:56:43.068000+00:00


SOURCES UPDATE DATE

db:VULMON id:CVE-2019-13272 date:2023-11-07T00:00:00
db:JVNDB id:JVNDB-2019-006727 date:2019-07-25T00:00:00
db:CNNVD id:CNNVD-201907-809 date:2021-11-25T00:00:00
db:NVD id:CVE-2019-13272 date:2025-04-03T20:28:35.577

SOURCES RELEASE DATE

db:VULMON id:CVE-2019-13272 date:2019-07-17T00:00:00
db:JVNDB id:JVNDB-2019-006727 date:2019-07-25T00:00:00
db:PACKETSTORM id:154044 date:2019-08-13T17:45:06
db:PACKETSTORM id:153972 date:2019-08-07T20:11:10
db:PACKETSTORM id:154045 date:2019-08-13T17:45:15
db:PACKETSTORM id:153699 date:2019-07-20T19:11:11
db:PACKETSTORM id:153970 date:2019-08-07T20:10:41
db:PACKETSTORM id:154043 date:2019-08-13T17:45:00
db:PACKETSTORM id:153702 date:2019-07-22T09:32:22
db:PACKETSTORM id:154245 date:2019-08-28T23:02:22
db:CNNVD id:CNNVD-201907-809 date:2019-07-16T00:00:00
db:NVD id:CVE-2019-13272 date:2019-07-17T13:15:10.687