Bug 1774671 (CVE-2019-14898)

Summary: CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, bhu, blc, brdeoliv, dhoward, dvlasenk, esammons, fhrbata, hkrzesin, iboverma, jlelli, jross, jshortt, jstancek, kernel-mgr, lgoncalv, matt, mcressma, mlangsdo, mmilgram, nmurray, plougher, qzhao, rt-maint, rvrbovsk, vdronov, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
The fix for CVE-2019-11599 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-02-04 14:09:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1749763, 1749766, 1772263, 1772264, 1772265, 1777351, 1777352, 1777353, 1777354, 1777356, 1777357, 1777358, 1777359, 1777389, 1777390, 1813038, 1813039, 1813040, 1813041, 1813042, 1813043, 1813044    
Bug Blocks: 1774672    

Description Marian Rehak 2019-11-20 16:46:32 UTC
Incomplete fix for CVE-2019-11599, race condition between mmget_not_zero()/get_task_mm() and core dumping, in RHEL-7.

Comment 7 errata-xmlrpc 2020-02-04 08:52:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328

Comment 8 errata-xmlrpc 2020-02-04 13:12:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0339 https://access.redhat.com/errata/RHSA-2020:0339

Comment 9 Product Security DevOps Team 2020-02-04 14:09:49 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14898

Comment 10 errata-xmlrpc 2020-02-04 19:30:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0374 https://access.redhat.com/errata/RHSA-2020:0374

Comment 11 errata-xmlrpc 2020-02-04 19:30:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0375 https://access.redhat.com/errata/RHSA-2020:0375

Comment 14 Petr Matousek 2020-02-20 16:45:39 UTC
Acknowledgments:

Name: Vladis Dronov (Red Hat Engineering)

Comment 15 Petr Matousek 2020-02-20 16:45:43 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 20 Petr Matousek 2020-03-18 10:08:45 UTC
Statement:

The Red Hat Enterprise Linux 7  kernel versions prior to Red Hat Enterprise Linux 7.7 GA kernel (version 3.10.0-1062 released via RHSA-2019:2029) were never affected by CVE-2019-14898 (ie the incomplete fix for CVE-2019-1159) because they never backported the incomplete fix for CVE-2019-11599 in the first place; CVE-2019-11599 was fixed there fully, ie backport consisted of both CVE-2019-11599 and CVE-2019-14898 patches.