Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19241

Опубликовано: 25 нояб. 2019
Источник: redhat
CVSS3: 3.9

Описание

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.

Отчет

At this time, no Red Hat Enterprise Linux products ship with support for this feature. There is an outstanding feature request for io_uring to be included with Red Hat Enterprise Linux 8.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-250
https://bugzilla.redhat.com/show_bug.cgi?id=1784942kernel: privilege escalation via io_uring offload of sendmsg() onto kernel thread with kernel creds

3.9 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-19241

CVSS3: 7.8
ubuntu
около 6 лет назад

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.

nvd логотип

CVE-2019-19241

CVSS3: 7.8
nvd
около 6 лет назад

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.

debian логотип

CVE-2019-19241

CVSS3: 7.8
debian
около 6 лет назад

In the Linux kernel before 5.4.2, the io_uring feature leads to reques ...

github логотип

GHSA-wxfp-qr5h-g4wx

github
больше 3 лет назад

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.

fstec логотип

BDU:2020-00853

CVSS3: 7.8
fstec
около 6 лет назад

Уязвимость функции io_uring ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии

3.9 Low

CVSS3