Details of VAR-201907-1641

ID

VAR-201907-1641

CVE

CVE-2019-13272

TITLE

Linux Kernel Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-006727

DESCRIPTION

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. Linux Kernel Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. For the oldstable distribution (stretch), this problem has been fixed in version 4.9.168-1+deb9u4. For the stable distribution (buster), this problem has been fixed in version 4.19.37-5+deb10u1. This update includes as well a patch for a regression introduced by the original fix for CVE-2019-11478 (#930904). We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0zJkBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SvYw/8CJrPtf7juWLaRa3m/LvFewU+BppoJqNaVUbQNXVT90PgH/zDWVbpkJ4g Tr4MW6tzRKnAfUS+jObsnR9jGo871ZZ2wtlcM3W0bMnCwK6tPnTGiqTauflPXf2X KW8V3YLI6W6MxPlSLa2EQkDJ/RfTke4SwQDFDX0lzYjC5LwCwDwKIWBC6P5xBg6w yxNh6PHv9++ES8SKYpU3oMlWG43fJZJ8Oyy7Wdk0H84Qcjxb8FDP2iWyRf0Mvb+5 1uFosUswfN89imMrIFdYhv/z7CYFeHgYA0lPIvQ1gpNWOflrGqoMYL1Pys95mVCV RdRBtWy2atPHos6HEgw85cxaTS9Ss9FYB0sL+QCqIdw5ZwTt5+QR+JLNvJ53VKEm BxE5TncjlEAOc9t74xti/vBW2eCjp7IPaMP8X8eqWKiaMGJBlwaJEPUSmL4SiZo+ cW1plAYxc0CYq4lDWo3fcR7tBMQfp1ffDYUNn3DXvHChF1Ebi3zIdGl+oSeNP8hW OuaH6/P+qko0S/TNXAK5uaekrzjYv2pWm6xoM10fMVXiT8GiyjIGmSTTu6WvaiCA ITdy+o/jAfBiQsdFer2MYUna8QxjOy3XClKsy9+yjrj8ciekC4nOPHdz3/CYfOha cojPRl2Qd2KSWfEUoze2IqPrr3iAnKFKH6a+WU1XQZuo6r3uo0Q= =fTIm -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4094-1 August 13, 2019 linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23 linux-image-4.15.0-1040-gcp 4.15.0-1040.42 linux-image-4.15.0-1040-gke 4.15.0-1040.42 linux-image-4.15.0-1042-kvm 4.15.0-1042.42 linux-image-4.15.0-1043-raspi2 4.15.0-1043.46 linux-image-4.15.0-1050-oem 4.15.0-1050.57 linux-image-4.15.0-1060-snapdragon 4.15.0-1060.66 linux-image-4.15.0-58-generic 4.15.0-58.64 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64 linux-image-4.15.0-58-lowlatency 4.15.0-58.64 linux-image-gcp 4.15.0.1040.42 linux-image-generic 4.15.0.58.60 linux-image-generic-lpae 4.15.0.58.60 linux-image-gke 4.15.0.1040.43 linux-image-gke-4.15 4.15.0.1040.43 linux-image-kvm 4.15.0.1042.42 linux-image-lowlatency 4.15.0.58.60 linux-image-oem 4.15.0.1050.54 linux-image-oracle 4.15.0.1021.24 linux-image-powerpc-e500mc 4.15.0.58.60 linux-image-powerpc-smp 4.15.0.58.60 linux-image-powerpc64-emb 4.15.0.58.60 linux-image-powerpc64-smp 4.15.0.58.60 linux-image-raspi2 4.15.0.1043.41 linux-image-snapdragon 4.15.0.1060.63 linux-image-virtual 4.15.0.58.60 Ubuntu 16.04 LTS: linux-image-4.15.0-1021-oracle 4.15.0-1021.23~16.04.1 linux-image-4.15.0-1040-gcp 4.15.0-1040.42~16.04.1 linux-image-4.15.0-1055-azure 4.15.0-1055.60 linux-image-4.15.0-58-generic 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-generic-lpae 4.15.0-58.64~16.04.1 linux-image-4.15.0-58-lowlatency 4.15.0-58.64~16.04.1 linux-image-azure 4.15.0.1055.58 linux-image-gcp 4.15.0.1040.54 linux-image-generic-hwe-16.04 4.15.0.58.79 linux-image-generic-lpae-hwe-16.04 4.15.0.58.79 linux-image-gke 4.15.0.1040.54 linux-image-lowlatency-hwe-16.04 4.15.0.58.79 linux-image-oem 4.15.0.58.79 linux-image-oracle 4.15.0.1021.15 linux-image-virtual-hwe-16.04 4.15.0.58.79 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4094-1 CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617, CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856, CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846 Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42 https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66 https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1 https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1 . (CVE-2019-13272) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 54.1 | lowlatency, generic | | 4.4.0-150.176 | 54.1 | generic, lowlatency | | 4.4.0-151.178 | 54.1 | lowlatency, generic | | 4.4.0-154.181 | 54.1 | lowlatency, generic | | 4.4.0-157.185 | 54.1 | lowlatency, generic | | 4.15.0-50.54 | 54.2 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 54.2 | generic, lowlatency | | 4.15.0-51.55 | 54.2 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 54.2 | generic, lowlatency | | 4.15.0-52.56 | 54.2 | lowlatency, generic | | 4.15.0-52.56~16.04.1 | 54.2 | generic, lowlatency | | 4.15.0-54.58 | 54.2 | generic, lowlatency | | 4.15.0-54.58~16.04.1 | 54.2 | generic, lowlatency | | 4.15.0-55.60 | 54.2 | generic, lowlatency | References: CVE-2018-1129, CVE-2019-2101, CVE-2019-3846, CVE-2019-10126, CVE-2019-12614, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13272 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel-alt security, bug fix, and enhancement update Advisory ID: RHSA-2019:2809-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2809 Issue date: 2019-09-20 CVE Names: CVE-2019-5489 CVE-2019-6974 CVE-2019-13272 ==================================================================== 1. Summary: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le 3. Description: The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es): * Kernel: page cache side channel attacks (CVE-2019-5489) * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [kernel-alt]: BUG: unable to handle kernel NULL pointer IP: crypto_remove_spawns+0x118/0x2e0 (BZ#1536967) * [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534) * RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1673613) * RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979) * RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ#1710304) * kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127) * RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. (CORAL) (BZ#1717836) * RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ#1717906) * fragmented packets timing out (BZ#1729066) * Backport TCP follow-up for small buffers (BZ#1733617) Enhancement(s): * RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1664110 - CVE-2019-5489 Kernel: page cache side channel attacks 1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() 1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME 6. Package List: Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: kernel-alt-4.14.0-115.12.1.el7a.src.rpm aarch64: kernel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm kernel-devel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-headers-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-libs-4.14.0-115.12.1.el7a.aarch64.rpm perf-4.14.0-115.12.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm noarch: kernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm ppc64le: kernel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-bootwrapper-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-devel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-headers-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-libs-4.14.0-115.12.1.el7a.ppc64le.rpm perf-4.14.0-115.12.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm s390x: kernel-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.s390x.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-debuginfo-common-s390x-4.14.0-115.12.1.el7a.s390x.rpm kernel-devel-4.14.0-115.12.1.el7a.s390x.rpm kernel-headers-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-devel-4.14.0-115.12.1.el7a.s390x.rpm perf-4.14.0-115.12.1.el7a.s390x.rpm perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm python-perf-4.14.0-115.12.1.el7a.s390x.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-libs-devel-4.14.0-115.12.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm noarch: kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm ppc64le: kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-libs-devel-4.14.0-115.12.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXYS+G9zjgjWX9erEAQgWLQ/9E1IoTs6bpakJ6GIPIMJUeYDCRpXLRrHt CAdDGt7wQ2l5PUY2R98fiCs266c8Vaiqll6PDbFRDwHEI4gSkYnemdC3pdD/u1ct KEch6TBhUejC52t/Zvq2hrUItEj1oz35mVTv+cHHfX9HqVTdV+1SeOR+WoETy+I4 qdBKOSPybxtisp9fdczX0F3uzAfpHqCFVZ2OSvPJmDCZU20gjF+1h+HiyvS4iWT1 qrlMFQ1EliSMbjO/pCTj6PHIcOUNPg7tkx72s5E0qRd4Ja10nZ7QNUh8VGGHNQxb UYLfM7GojPgWx2UzjLo6EU5a9/Xuo6rwgTE5hKWGqZCm645RSv71tpTbdZJe6vnS cyzGIV7NtIvMF625LvimVBB/BSXZK3vYpSuBtcPnvKg2wAet83fIzQ4PtwBpzP7p NfFLvedXg2CRZIYbi5u6tzCqE2UKDpfvKWry8MyELDpt4b4iZEbHt0S4ZdfKzOvu ajvY2VuM414x0FZpWCEHFXT7dbcilf2ZBg0g0UgazRhumm9utfBsbmQz0fS7GcML Ef3YRj97YJPhGoeAQ8b+ox8Z+Q/J+/39smr94scd9FjhotlQgVh9zmd6c4IzisEE iwtg6J38bOHzXi9q3x3Fw4FTe6kUQHeOw9703w/EqojumKVCVCX6VoZ0tmAt720O ItDqWovzGmk=yv43 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.25

sources: NVD: CVE-2019-13272 // JVNDB: JVNDB-2019-006727 // VULMON: CVE-2019-13272 // PACKETSTORM: 154044 // PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 154043 // PACKETSTORM: 154245 // PACKETSTORM: 154553

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	lt	version:	5.1.17	Trust: 1.8
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for arm 64	scope:	eq	version:	7.0_aarch64	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.14.133	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time for nfv tus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	3.16.52	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time tus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	netapp	model:	solidfire	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.20	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.8.16	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	29	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.9.185	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time for nfv tus	scope:	eq	version:	8.6	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	netapp	model:	h610s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	service processor	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	11.60.3	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.10	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time tus	scope:	eq	version:	8.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems	scope:	eq	version:	7.0_s390x	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.9	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.19.58	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	4.4.185	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.15	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series performance analyzer	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lt	version:	3.16.71	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time	scope:	eq	version:	8	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.9.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.1.39	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.04	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time for nfv tus	scope:	eq	version:	8.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time tus	scope:	eq	version:	8.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time for nfv	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time for nfv tus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux for real time tus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.4.40	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	aff a700s	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-006727 // NVD: CVE-2019-13272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13272
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-13272
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201907-809
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-13272
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-13272
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2019-13272
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-13272
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-13272 // JVNDB: JVNDB-2019-006727 // CNNVD: CNNVD-201907-809 // NVD: CVE-2019-13272

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2019-006727 // NVD: CVE-2019-13272

THREAT TYPE

local

Trust: 1.0

sources: PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 154043 // PACKETSTORM: 154245 // CNNVD: CNNVD-201907-809

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201907-809

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006727

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2019-13272

PATCH

title:	ChangeLog-5.1.17	url:	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17	Trust: 0.8
title:	[SECURITY] [DLA 1862-1] linux security update	url:	https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html	Trust: 0.8
title:	[SECURITY] [DLA 1863-1] linux-4.9 security update	url:	https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html	Trust: 0.8
title:	DSA-4484	url:	https://www.debian.org/security/2019/dsa-4484	Trust: 0.8
title:	FEDORA-2019-a95015e60f	url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/	Trust: 0.8
title:	ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME	url:	https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee	Trust: 0.8
title:	Linux Kernel Archives	url:	http://www.kernel.org	Trust: 0.8
title:	ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME	url:	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee	Trust: 0.8
title:	Red Hat: Important: kernel security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192411 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: kernel-rt security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192405 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4484-1 linux -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=f7aec913c227117e479ebfa6af2b1b9a	Trust: 0.1
title:	Red Hat: CVE-2019-13272	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-13272	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4093-1	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4095-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-aws vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4117-1	Trust: 0.1
title:	IBM: IBM Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=d9cd8f6d11c68af77f2f2bd27ca37bed	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4094-1	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (March 2021)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=afc44ca312a83d419e062241c4789aae	Trust: 0.1
title:	Ubuntu Security Notice: linux-aws vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4118-1	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	CVE-2019-13272 - Pkexec Local Privilege Escalation	url:	https://github.com/asepsaepdin/CVE-2019-13272	Trust: 0.1

sources: VULMON: CVE-2019-13272 // JVNDB: JVNDB-2019-006727

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13272	Trust: 3.1
db:	PACKETSTORM	id:	154245	Trust: 1.7
db:	PACKETSTORM	id:	153663	Trust: 1.6
db:	PACKETSTORM	id:	156929	Trust: 1.6
db:	PACKETSTORM	id:	154957	Trust: 1.6
db:	PACKETSTORM	id:	153702	Trust: 1.6
db:	PACKETSTORM	id:	165051	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-006727	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.4646	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2704	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4346	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4252	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2749	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4346.2	Trust: 0.6
db:	EXPLOIT-DB	id:	50541	Trust: 0.6
db:	EXPLOIT-DB	id:	47163	Trust: 0.6
db:	EXPLOIT-DB	id:	47133	Trust: 0.6
db:	LENOVO	id:	LEN-29592	Trust: 0.6
db:	CNNVD	id:	CNNVD-201907-809	Trust: 0.6
db:	VULMON	id:	CVE-2019-13272	Trust: 0.1
db:	PACKETSTORM	id:	154044	Trust: 0.1
db:	PACKETSTORM	id:	154045	Trust: 0.1
db:	PACKETSTORM	id:	153699	Trust: 0.1
db:	PACKETSTORM	id:	154043	Trust: 0.1
db:	PACKETSTORM	id:	154553	Trust: 0.1

sources: VULMON: CVE-2019-13272 // JVNDB: JVNDB-2019-006727 // PACKETSTORM: 154044 // PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 154043 // PACKETSTORM: 154245 // PACKETSTORM: 154553 // CNNVD: CNNVD-201907-809 // NVD: CVE-2019-13272

REFERENCES

url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=1903	Trust: 2.4
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1730895	Trust: 2.4
url:	https://bugzilla.suse.com/show_bug.cgi?id=1140671	Trust: 2.4
url:	http://packetstormsecurity.com/files/165051/linux-kernel-5.1.x-ptrace_traceme-pkexec-local-privilege-escalation.html	Trust: 2.2
url:	http://packetstormsecurity.com/files/153663/linux-ptrace_traceme-broken-permission-object-lifetime-handling.html	Trust: 2.2
url:	http://packetstormsecurity.com/files/156929/linux-ptrace_traceme-local-root.html	Trust: 2.2
url:	https://www.debian.org/security/2019/dsa-4484	Trust: 2.2
url:	http://packetstormsecurity.com/files/153702/slackware-security-advisory-slackware-14.2-kernel-updates.html	Trust: 2.2
url:	https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13272	Trust: 2.0
url:	https://access.redhat.com/errata/rhsa-2019:2809	Trust: 1.7
url:	http://packetstormsecurity.com/files/154957/linux-polkit-pkexec-helper-ptrace_traceme-local-root.html	Trust: 1.6
url:	https://security.netapp.com/advisory/ntap-20190806-0001/	Trust: 1.6
url:	https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.1.17	Trust: 1.6
url:	https://support.f5.com/csp/article/k91025336	Trust: 1.6
url:	https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html	Trust: 1.6
url:	https://seclists.org/bugtraq/2019/jul/30	Trust: 1.6
url:	https://usn.ubuntu.com/4094-1/	Trust: 1.6
url:	https://seclists.org/bugtraq/2019/jul/33	Trust: 1.6
url:	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee	Trust: 1.6
url:	https://usn.ubuntu.com/4117-1/	Trust: 1.6
url:	https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee	Trust: 1.6
url:	https://access.redhat.com/errata/rhsa-2019:2405	Trust: 1.6
url:	https://usn.ubuntu.com/4093-1/	Trust: 1.6
url:	https://access.redhat.com/errata/rhsa-2019:2411	Trust: 1.6
url:	https://usn.ubuntu.com/4095-1/	Trust: 1.6
url:	http://packetstormsecurity.com/files/154245/kernel-live-patch-security-notice-lsn-0054-1.html	Trust: 1.6
url:	https://usn.ubuntu.com/4118-1/	Trust: 1.6
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/	Trust: 1.0
url:	https://support.f5.com/csp/article/k91025336?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13272	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/	Trust: 0.6
url:	https://support.f5.com/csp/article/k91025336?utm_source=f5support&utm_medium=rss	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html	Trust: 0.6
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193255-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193252-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193249-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193248-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193247-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193258-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193260-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193261-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193263-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193246-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2704/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2749/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4646/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-29592	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4346/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4252/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/50541	Trust: 0.6
url:	https://www.exploit-db.com/exploits/47133	Trust: 0.6
url:	https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-ptrace-link-29820	Trust: 0.6
url:	https://www.exploit-db.com/exploits/47163	Trust: 0.6
url:	https://packetstormsecurity.com/files/153663/linux-ptrace/traceme-broken-permission-object-lifetime-handling.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4346.2/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12614	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10126	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3846	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1125	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12984	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5383	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13233	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12818	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2101	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12819	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11599	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1054.61	Trust: 0.1
url:	https://usn.ubuntu.com/4095-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.4.0-159.187	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1122.128	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1090.101	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1118.127	Trust: 0.1
url:	https://usn.ubuntu.com/4093-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1013.14	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1013.13	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-25.26~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1018.19	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1014.14	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1014.14~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/5.0.0-25.26	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1014.14	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/linux	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16862	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2024	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14610	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20856	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13098	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14609	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13093	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20169	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14614	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13053	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42	Trust: 0.1
url:	https://usn.ubuntu.com/4094-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13099	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20511	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13100	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13096	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14613	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14617	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1129	Trust: 0.1
url:	https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5489	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6974	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13272	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-6974	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5489	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1

sources: JVNDB: JVNDB-2019-006727 // PACKETSTORM: 154044 // PACKETSTORM: 154045 // PACKETSTORM: 153699 // PACKETSTORM: 154043 // PACKETSTORM: 154245 // PACKETSTORM: 154553 // CNNVD: CNNVD-201907-809 // NVD: CVE-2019-13272

CREDITS

Google Security Research, Ventsislav Varbanovski,Metasploit,nu11secur1ty,Jann Horn,bcoles

Trust: 0.6

sources: CNNVD: CNNVD-201907-809

SOURCES

db:	VULMON	id:	CVE-2019-13272
db:	JVNDB	id:	JVNDB-2019-006727
db:	PACKETSTORM	id:	154044
db:	PACKETSTORM	id:	154045
db:	PACKETSTORM	id:	153699
db:	PACKETSTORM	id:	154043
db:	PACKETSTORM	id:	154245
db:	PACKETSTORM	id:	154553
db:	CNNVD	id:	CNNVD-201907-809
db:	NVD	id:	CVE-2019-13272

LAST UPDATE DATE

2024-11-20T20:19:33.533000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-13272	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-006727	date:	2019-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201907-809	date:	2021-11-25T00:00:00
db:	NVD	id:	CVE-2019-13272	date:	2024-07-24T16:51:53.170

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-13272	date:	2019-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-006727	date:	2019-07-25T00:00:00
db:	PACKETSTORM	id:	154044	date:	2019-08-13T17:45:06
db:	PACKETSTORM	id:	154045	date:	2019-08-13T17:45:15
db:	PACKETSTORM	id:	153699	date:	2019-07-20T19:11:11
db:	PACKETSTORM	id:	154043	date:	2019-08-13T17:45:00
db:	PACKETSTORM	id:	154245	date:	2019-08-28T23:02:22
db:	PACKETSTORM	id:	154553	date:	2019-09-20T15:08:09
db:	CNNVD	id:	CNNVD-201907-809	date:	2019-07-16T00:00:00
db:	NVD	id:	CVE-2019-13272	date:	2019-07-17T13:15:10.687