1696015 – (CVE-2019-3892) CVE-2019-3892 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

Bug 1696015 (CVE-2019-3892) - CVE-2019-3892 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

Summary: CVE-2019-3892 kernel: fix race condition between mmget_not_zero()/get_task_mm...

Keywords:
Status:	CLOSED DUPLICATE of bug 1705937
Alias:	CVE-2019-3892
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1696007 1696223
TreeView+	depends on / blocked

Reported:	2019-04-04 02:55 UTC by Wade Mealing
Modified:	2021-03-26 18:10 UTC (History)
CC List:	44 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A race condition was found between mmget_not_zero()/get_task_mm() when core dumping tasks. A local attacker is able to exploit race condition where locking of semaphore would allow an attacker to leak kernel memory to userspace.
Clone Of:
Environment:
Last Closed:	2019-05-03 09:11:53 UTC
Embargoed:

Attachments	(Terms of Use)

Description Wade Mealing 2019-04-04 02:55:40 UTC

A race condition was found between between mmget_not_zero()/get_task_mm() when core dumping tasks. A local attacker is able to exploit race condition where locking of semaphore would allow an attacker to leak kernel memory to userspace.


Upstream patch:
https://marc.info/?l=linux-mm&m=155355419911404&w=2

Comment 1 Wade Mealing 2019-04-04 02:56:26 UTC

Acknowledgments:

Name: Andrea Arcangeli (Red Hat Engineering)

Comment 4 Wade Mealing 2019-04-04 06:46:36 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1696078]

Comment 6 Vladis Dronov 2019-05-02 09:20:16 UTC

Note:

CVE-2019-11599 was kept and CVE-2019-3892 REJECTed as reservation duplicate of CVE-2019-11599:

https://seclists.org/oss-sec/2019/q2/77

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3892

Comment 7 msiddiqu 2019-05-03 09:11:53 UTC


*** This bug has been marked as a duplicate of bug 1705937 ***

Comment 8 Doran Moppert 2020-02-10 04:37:00 UTC

Statement:

This flaw was found to be a duplicate of CVE-2019-11599. Please see https://access.redhat.com/security/cve/CVE-2019-11599 for information about affected products and security errata.

Note You need to log in before you can comment on or make changes to this bug.

aarcange
acaringi
airlied
bhu
blc
brdeoliv
bskeggs
dhoward
dvlasenk
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jkacur
john.j5live
jonathan
josef
jross
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
matt
mchehab
mcressma
mjg59
mlangsdo
msiddiqu
nmurray
plougher
rt-maint
rvrbovsk
steved
williams