Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2019-3901

Disclosure Date: April 22, 2019
CVE-2019-3901 CVSS v3 Base Score: 4.7
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
4.7 Medium
Impact Score:
3.6
Exploitability Score:
1
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
kernel older then 4.8
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • linux,
  • netapp

Products

  • active iq unified manager for vmware vsphere,
  • cn1610 firmware -,
  • debian linux 8.0,
  • hci management node -,
  • linux kernel,
  • snapprotect -,
  • solidfire -,
  • storage replication adapter for clustered data ontap for vmware vsphere,
  • vasa provider for clustered data ontap,
  • virtual storage console for vmware vsphere
Technical Analysis