Bug 1774671 (CVE-2019-14898)
| Summary: | CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, bhu, blc, brdeoliv, dhoward, dvlasenk, esammons, fhrbata, hkrzesin, iboverma, jlelli, jross, jshortt, jstancek, kernel-mgr, lgoncalv, matt, mcressma, mlangsdo, mmilgram, nmurray, plougher, qzhao, rt-maint, rvrbovsk, vdronov, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
The fix for CVE-2019-11599 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-02-04 14:09:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1749763, 1749766, 1772263, 1772264, 1772265, 1777351, 1777352, 1777353, 1777354, 1777356, 1777357, 1777358, 1777359, 1777389, 1777390, 1813038, 1813039, 1813040, 1813041, 1813042, 1813043, 1813044 | ||
| Bug Blocks: | 1774672 | ||
|
Description
Marian Rehak
2019-11-20 16:46:32 UTC
External References: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0339 https://access.redhat.com/errata/RHSA-2020:0339 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14898 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0374 https://access.redhat.com/errata/RHSA-2020:0374 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0375 https://access.redhat.com/errata/RHSA-2020:0375 Acknowledgments: Name: Vladis Dronov (Red Hat Engineering) Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Statement: The Red Hat Enterprise Linux 7 kernel versions prior to Red Hat Enterprise Linux 7.7 GA kernel (version 3.10.0-1062 released via RHSA-2019:2029) were never affected by CVE-2019-14898 (ie the incomplete fix for CVE-2019-1159) because they never backported the incomplete fix for CVE-2019-11599 in the first place; CVE-2019-11599 was fixed there fully, ie backport consisted of both CVE-2019-11599 and CVE-2019-14898 patches. |