PT-2019-16759 · Linux+3 · Linux Kernel+3

Published

2016-10-29

·

Updated

2023-02-12

·

CVE-2019-3901

CVSS v3.1

5.6

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.8
Description A race condition in the perf event open() function allows local attackers to leak sensitive data from setuid programs. This occurs because no relevant locks, specifically the cred guard mutex, are held during the ptrace may access() call. As a result, the target task can perform an execve() syscall with setuid execution before perf event alloc() attaches to it, bypassing the ptrace may access() check and the perf event exit task(current) call in install exec creds() during privileged execve() calls.
Recommendations For Linux kernel versions prior to 4.8, update to version 4.8 or later to resolve the issue.

Fix

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALT-PU-2016-2218
ALT-PU-2017-1330
CESA-2020_1016
CVE-2019-3901
DLA-1799-1
DLA-1799-2
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020:2522
RHSA-2020:2851
RHSA-2020_1016
RHSA-2020_1070

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat