The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.

The Linux kernel before 4.8 allows local users to bypass ASLR on setui ...

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.

Уязвимость функции load_elf_binary() ядра операционной системы Linux, позволяющая нарушителю обойти механизм защиты ASLR и раскрыть защищаемую информацию

ELSA-2019-4646: Unbreakable Enterprise kernel security update (IMPORTANT)

ELSA-2019-4645: Unbreakable Enterprise kernel security update (IMPORTANT)

ELSA-2019-4642: Unbreakable Enterprise kernel security update (IMPORTANT)

ELSA-2019-4644: Unbreakable Enterprise kernel security update (IMPORTANT)

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel

Security update for the Linux Kernel

ELSA-2020-1016: kernel security, bug fix, and enhancement update (MODERATE)