{
  "threat_severity" : "Important",
  "public_date" : "2019-01-09T00:00:00Z",
  "bugzilla" : {
    "description" : "polkit: Temporary auth hijacking via PID reuse and non-atomic fork",
    "id" : "1664212",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1664212"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-697->CWE-284",
  "details" : [ "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.", "A vulnerability was found in polkit. When a non-root user authenticates to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges." ],
  "acknowledgement" : "Red Hat would like to thank Jan Rybar (freedesktop.org) for reporting this issue. Upstream acknowledges Jann Horn (Google Project Zero) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2019-02-26T00:00:00Z",
    "advisory" : "RHSA-2019:0420",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "polkit-0:0.96-11.el6_10.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.6 Advanced Update Support",
    "release_date" : "2019-04-23T00:00:00Z",
    "advisory" : "RHSA-2019:0832",
    "cpe" : "cpe:/o:redhat:rhel_aus:6.6",
    "package" : "polkit-0:0.96-7.el6_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-01-31T00:00:00Z",
    "advisory" : "RHSA-2019:0230",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "polkit-0:0.112-18.el7_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Extended Update Support",
    "release_date" : "2019-09-12T00:00:00Z",
    "advisory" : "RHSA-2019:2699",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.4",
    "package" : "polkit-0:0.112-12.el7_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support",
    "release_date" : "2019-10-08T00:00:00Z",
    "advisory" : "RHSA-2019:2978",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.5",
    "package" : "polkit-0:0.112-14.el7_5.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "polkit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Will not fix",
    "package_name" : "rhvm-appliance",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4",
    "impact" : "low"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-6133\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6133\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1692" ],
  "name" : "CVE-2019-6133",
  "csaw" : false
}