CVE-2019-13272
critical-risk
Published 2019-07-17
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
Do I need to act?
!
80.6% chance of exploitation in next 30 days
EPSS score — higher than 19% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
References (59)
Third Party Advisory
http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permissi...
Third Party Advisory
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackwar...
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2405
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2411
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2809
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1730895
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1140671
Issue Tracking
https://seclists.org/bugtraq/2019/Jul/30
Issue Tracking
https://seclists.org/bugtraq/2019/Jul/33
and 39 more references
81
/ 100
critical-risk
Severity
24/34 · High
Exploitability
34/34 · Critical
Exposure
23/34 · High