{ "threat_severity" : "Important", "public_date" : "2019-07-16T00:00:00Z", "bugzilla" : { "description" : "kernel: broken permission and object lifetime handling for PTRACE_TRACEME", "id" : "1730895", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1730895" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-271", "details" : [ "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", "A flaw was found in the way PTRACE_TRACEME functionality was handled in the Linux kernel. The kernel's implementation of ptrace can inadvertently grant elevated permissions to an attacker who can then abuse the relationship between the tracer and the process being traced. This flaw could allow a local, unprivileged user to increase their privileges on the system or cause a denial of service." ], "statement" : "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4292201", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2809", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-alt-0:4.14.0-115.12.1.el7a" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-08-07T00:00:00Z", "advisory" : "RHSA-2019:2405", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-80.7.2.rt9.154.el8_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-08-07T00:00:00Z", "advisory" : "RHSA-2019:2411", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-80.7.2.el8_0" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" }, { "product_name" : "Red Hat Virtualization 4", "fix_state" : "Not affected", "package_name" : "redhat-virtualization-host", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-13272\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13272\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog" ], "csaw" : true, "name" : "CVE-2019-13272", "mitigation" : { "value" : "For mitigation, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/4292201", "lang" : "en:us" } }