CVE-2019-13272

HIGH CISA KEV EPSS 98.8%
Published Jul 17, 2019 (6y ago) · Modified Jun 17, 2026 (2w ago)
7.8 CVSS 3.1
High
KEV Listed Dec 10, 2021 4y ago
KEV Due Jun 10, 2022 1486d overdue

Description

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

CISA Known Exploited: Overdue 1486d
Added: Dec 10, 2021
Due: Jun 10, 2022

Apply updates per vendor instructions.

EPSS Exploit Probability: 98.8% percentile
Exploit & Patch Status: Actively Exploited (KEV); Patch Available

Affected Products 43

Vendor | Product | Version | Range
linux | linux_kernel | * | ≥3.16.52 – <3.16.71
linux | linux_kernel | * | ≥4.1.39 – <4.2
linux | linux_kernel | * | ≥4.4.40 – <4.4.185
linux | linux_kernel | * | ≥4.8.16 – <4.9
linux | linux_kernel | * | ≥4.9.1 – <4.9.185
linux | linux_kernel | * | ≥4.10 – <4.14.133
linux | linux_kernel | * | ≥4.15 – <4.19.58
linux | linux_kernel | * | ≥4.20 – <5.1.17
debian | debian_linux | 8.0 | any
debian | debian_linux | 9.0 | any
debian | debian_linux | 10.0 | any
fedoraproject | fedora | 29 | any
canonical | ubuntu_linux | 16.04 | any
canonical | ubuntu_linux | 18.04 | any
canonical | ubuntu_linux | 19.04 | any
redhat | enterprise_linux | 7.0 | any
redhat | enterprise_linux | 8.0 | any
redhat | enterprise_linux_for_arm_64 | 7.0_aarch64 | any
redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x | any
redhat | enterprise_linux_for_real_time | 8 | any
redhat | enterprise_linux_for_real_time_for_nfv | 8.0 | any
redhat | enterprise_linux_for_real_time_for_nfv_tus | 8.2 | any
redhat | enterprise_linux_for_real_time_for_nfv_tus | 8.4 | any
redhat | enterprise_linux_for_real_time_for_nfv_tus | 8.6 | any
redhat | enterprise_linux_for_real_time_for_nfv_tus | 8.8 | any
redhat | enterprise_linux_for_real_time_tus | 8.2 | any
redhat | enterprise_linux_for_real_time_tus | 8.4 | any
redhat | enterprise_linux_for_real_time_tus | 8.6 | any
redhat | enterprise_linux_for_real_time_tus | 8.8 | any
netapp | aff_a700s_firmware | * | any
netapp | aff_a700s | * | any
netapp | h410c_firmware | * | any
netapp | h410c | * | any
netapp | h610s_firmware | * | any
netapp | h610s | * | any
netapp | active_iq_unified_manager | * | any
netapp | e-series_performance_analyzer | * | any
netapp | e-series_santricity_os_controller | * | ≥11.0.0 – ≤11.60.3
netapp | hci_management_node | * | any
netapp | service_processor | * | any
netapp | solidfire | * | any
netapp | steelstore_cloud_integrated_storage | * | any
netapp | hci_compute_node | * | any

References 30

  • packetstormsecurity.com http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html
    Third Party Advisory, VDB Entry
  • packetstormsecurity.com http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
    Third Party Advisory, VDB Entry
  • packetstormsecurity.com http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
    Exploit, Third Party Advisory, VDB Entry
  • packetstormsecurity.com http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html
    Exploit, Third Party Advisory, VDB Entry
  • packetstormsecurity.com http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html
    Exploit, Third Party Advisory, VDB Entry
  • packetstormsecurity.com http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html
    Exploit, Third Party Advisory, VDB Entry
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:2405
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:2411
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:2809
    Third Party Advisory
  • bugs.chromium.org https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
    Exploit, Issue Tracking, Patch, Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1730895
    Issue Tracking, Patch
  • bugzilla.suse.com https://bugzilla.suse.com/show_bug.cgi?id=1140671
    Issue Tracking, Patch, Third Party Advisory
  • cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
    Patch, Vendor Advisory
  • git.kernel.org https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
    Patch, Vendor Advisory
  • github.com https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/
    Release Notes
  • seclists.org https://seclists.org/bugtraq/2019/Jul/30
    Issue Tracking, Mailing List, Third Party Advisory
  • seclists.org https://seclists.org/bugtraq/2019/Jul/33
    Issue Tracking, Mailing List, Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20190806-0001/
    Third Party Advisory
  • support.f5.com https://support.f5.com/csp/article/K91025336
    Third Party Advisory
  • support.f5.com https://support.f5.com/csp/article/K91025336?utm_source=f5support&amp%3Butm_medium=RSS
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4093-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4094-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4095-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4117-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4118-1/
    Third Party Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-13272
    US Government Resource
  • debian.org https://www.debian.org/security/2019/dsa-4484
    Third Party Advisory

Remediation

  • bugs.chromium.org https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
    Exploit, Issue Tracking, Patch, Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1730895
    Issue Tracking, Patch
  • bugzilla.suse.com https://bugzilla.suse.com/show_bug.cgi?id=1140671
    Issue Tracking, Patch, Third Party Advisory
  • cdn.kernel.org https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
    Patch, Vendor Advisory
  • git.kernel.org https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
    Patch, Vendor Advisory
  • github.com https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee
    Patch