PT-2019-2821 · Linux+5 · Linux Kernel+5

Published: 2019-04-19 · Updated: 2024-02-15 · CVE-2019-11599

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.0.10

Description

The issue is caused by improper synchronization when using a shared resource in the Linux kernel's coredump implementation. This allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. The affected files include fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

Recommendations

For Linux kernel versions prior to 5.0.10, update to version 5.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the coredump functionality until a patch is available. Avoid triggering race conditions with mmget_not_zero or get_task_mm calls in the affected code paths, such as those in fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c, until the issue is resolved.

Exploit

Fix

DoS

Race Condition

Improper Locking

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1762
ALT-PU-2019-1767
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-02778
CESA-2019_2029
CESA-2019_3309
CESA-2019_3517
CVE-2019-11599
DLA-1799-1
DLA-1799-2
DLA-1824-1
DSA-4465-1
MGASA-2019-0170
MGASA-2019-0171
MGASA-2019-0172
OPENSUSE-SU-2019:1716-1
OPENSUSE-SU-2019:1757-1
OPENSUSE-SU-2019_1716-1
OPENSUSE-SU-2019_1757-1
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_2029
RHSA-2019_2043
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:0100
RHSA-2020:0103
RHSA-2020:0179
RHSA-2020:0543
SUSE-SU-2019:1823-1
SUSE-SU-2019:1823-2
SUSE-SU-2019:1829-1
SUSE-SU-2019:1851-1
SUSE-SU-2019:1852-1
SUSE-SU-2019:1854-1
SUSE-SU-2019:1855-1
SUSE-SU-2019:2069-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2450-1
USN-4069-1
USN-4069-2
USN-4095-1
USN-4115-1
USN-4115-2
USN-4118-1

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu