CVE-2019-13272

Name: CVE-2019-13272
Description: In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1862-1, DLA-1863-1, DSA-4484-1
NVD severity: high (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| linux (PTS) | jessie | 3.16.56-1+deb8u1 | vulnerable |
| | jessie (security) | 3.16.72-1 | fixed |
| | stretch | 4.9.168-1 | vulnerable |
| | stretch (security) | 4.9.168-1+deb9u5 | fixed |
| | buster | 4.19.37-5 | vulnerable |
| | buster (security) | 4.19.37-5+deb10u2 | fixed |
| | bullseye | 4.19.37-6 | fixed |
| | sid | 5.2.9-2 | fixed |
| linux-4.9 (PTS) | jessie (security) | 4.9.168-1+deb9u5~deb8u1 | fixed |

The information below is based on the following data on fixed versions.

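| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux | source | (unstable) | 4.19.37-6 | high | | |
| linux | source | buster | 4.19.37-5+deb10u1 | high | DSA-4484-1 | |
| linux | source | jessie | 3.16.70-1 | high | DLA-1862-1 | |
| linux | source | stretch | 4.9.168-1+deb9u4 | high | DSA-4484-1 | |
| linux-4.9 | source | jessie | 4.9.168-1+deb9u4~deb8u1 | high | DLA-1863-1 | |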

Notes

https://bugzilla.suse.com/show_bug.cgi?id=1140671
https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
https://git.kernel.org/linus/6994eefb0053799d2e07cd140df6c2ea106c41ee
