{"id":"CVE-2019-11599","details":"The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.","modified":"2026-03-15T22:21:13.735899Z","published":"2019-04-29T18:29:00.243Z","related":["MGASA-2019-0170","MGASA-2019-0171","MGASA-2019-0172","SUSE-SU-2019:1823-1","SUSE-SU-2019:1823-2","SUSE-SU-2019:1829-1","SUSE-SU-2019:1851-1","SUSE-SU-2019:1852-1","SUSE-SU-2019:1854-1","SUSE-SU-2019:1855-1","SUSE-SU-2019:2069-1","SUSE-SU-2019:2430-1","SUSE-SU-2019:2450-1","openSUSE-SU-2019:1716-1","openSUSE-SU-2019:1757-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0103"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0179"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Jun/26"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200608-0001/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0543"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4118-1/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4069-2/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},
{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/108113"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2029"},{"type":"ADVISORY","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37"},{"type":"ADVISORY","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10"},{"type":"ADVISORY","url":"https://support.f5.com/csp/article/K51674118?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4095-1/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/04/30/1"},{"type":"ADVISORY","url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114"},{"type":"ADVISORY","url":"https://support.f5.com/csp/article/K51674118"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4465"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2043"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3309"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3517"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0100"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190517-0002/"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Jul/33"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4115-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/04/29/1"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/04/29/2"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4069-1/"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/04f5866e41fb70690e28397487d8bd8eea7d712a"},{"type":"FIX","url":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html"},
{"type":"EVIDENCE","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"},{"type":"EVIDENCE","url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1790"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/46781/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11599.json","unresolved_ranges":[{"events":[{"introduced":"2.16.12"},{"fixed":"3.16.66"}]},{"events":[{"introduced":"3.17"},{"fixed":"4.4.183"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.188"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.114"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.37"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.0.10"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}