CVE-2019-13272
Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
Vulnerability Description
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
Affected Platforms (CPE)
💻
Linux
Linux Kernel
>= 3.16.52 and < 3.16.71💻
Linux
Linux Kernel
>= 4.1.39 and < 4.2💻
Linux
Linux Kernel
>= 4.4.40 and < 4.4.185💻
Linux
Linux Kernel
>= 4.8.16 and < 4.9💻
Linux
Linux Kernel
>= 4.9.1 and < 4.9.185💻
Linux
Linux Kernel
>= 4.10 and < 4.14.133💻
Linux
Linux Kernel
>= 4.15 and < 4.19.58💻
Linux
Linux Kernel
>= 4.20 and < 5.1.17💻
Debian
Debian Linux
= 8.0💻
Debian
Debian Linux
= 9.0💻
Debian
Debian Linux
= 10.0💻
Fedoraproject
Fedora
= 29💻
Canonical
Ubuntu Linux
= 16.04💻
Canonical
Ubuntu Linux
= 18.04💻
Canonical
Ubuntu Linux
= 19.04💻
Redhat
Enterprise Linux
= 7.0💻
Redhat
Enterprise Linux
= 8.0💻
Redhat
Enterprise Linux For Arm 64
= 7.0_aarch64💻
Redhat
Enterprise Linux For Ibm Z Systems
= 7.0_s390x💻
Redhat
Enterprise Linux For Real Time
= 8💻
Redhat
Enterprise Linux For Real Time For Nfv
= 8.0💻
Redhat
Enterprise Linux For Real Time For Nfv Tus
= 8.2💻
Redhat
Enterprise Linux For Real Time For Nfv Tus
= 8.4💻
Redhat
Enterprise Linux For Real Time For Nfv Tus
= 8.6💻
Redhat
Enterprise Linux For Real Time For Nfv Tus
= 8.8💻
Redhat
Enterprise Linux For Real Time Tus
= 8.2💻
Redhat
Enterprise Linux For Real Time Tus
= 8.4💻
Redhat
Enterprise Linux For Real Time Tus
= 8.6💻
Redhat
Enterprise Linux For Real Time Tus
= 8.8💻
Netapp
Aff A700s Firmware
All versions💻
Netapp
H410c Firmware
All versions💻
Netapp
H610s Firmware
All versions📦
Netapp
Active Iq Unified Manager
All versions📦
Netapp
E Series Performance Analyzer
All versions📦
Netapp
E Series Santricity Os Controller
>= 11.0.0 and <= 11.60.3📦
Netapp
Hci Management Node
All versions📦
Netapp
Service Processor
All versions📦
Netapp
Solidfire
All versions📦
Netapp
Steelstore Cloud Integrated Storage
All versions🔌
Netapp