Name of the Vulnerable Software and Affected Versions:

Linux kernel versions prior to 5.1.17

Description:

The issue is related to improper privilege management in the Linux kernel, specifically in the ptrace link function. This can be exploited by local users to obtain root access under certain scenarios involving a parent-child process relationship, where a parent drops privileges and calls execve. Contributing factors include an object lifetime issue and incorrect marking of a ptrace relationship as privileged, which can be exploited through Polkit's pkexec helper with PTRACE TRACEME. The vulnerability can lead to a denial of service or privilege escalation.

Recommendations:

For Linux kernel versions prior to 5.1.17, update to version 5.1.17 or later to resolve the issue. As a temporary workaround, consider using SELinux deny ptrace in some environments to mitigate the risk of exploitation. Additionally, restrict the use of the PTRACE TRACEME system call to minimize the risk of privilege escalation.