Описание
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
The fix for CVE-2019-11599 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Отчет
The Red Hat Enterprise Linux 7 kernel versions prior to Red Hat Enterprise Linux 7.7 GA kernel (version 3.10.0-1062 released via RHSA-2019:2029) were never affected by CVE-2019-14898 (ie the incomplete fix for CVE-2019-1159) because they never backported the incomplete fix for CVE-2019-11599 in the first place; CVE-2019-11599 was fixed there fully, ie backport consisted of both CVE-2019-11599 and CVE-2019-14898 patches.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | ||
| Red Hat Enterprise MRG 2 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2020:0375 | 04.02.2020 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2020:0374 | 04.02.2020 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2020:0328 | 04.02.2020 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2020:0339 | 04.02.2020 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
7 High
CVSS3
Связанные уязвимости
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 w ...
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Уязвимость компонентов mmget_not_zero()/get_task_mm() ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
7 High
CVSS3