CVE-2019-3901

Description

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.

References

Link	Tags
http://www.securityfocus.com/bid/89937	vdb entry third party advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html	third party advisory mailing list
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html	third party advisory mailing list
https://security.netapp.com/advisory/ntap-20190517-0005/	third party advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901	issue tracking third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2019-3901?: CVE-2019-3901 has been scored as a medium severity vulnerability.
How to fix CVE-2019-3901?: To fix CVE-2019-3901, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-3901 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2019-3901 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-3901?: CVE-2019-3901 affects The Linux Foundation kernel.

Description

Category

CWE-667 – Improper Locking

References

Frequently Asked Questions