Bug 1774671 (CVE-2019-14898) - CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
Summary: CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_z...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-14898
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1749763 1749766 1772263 1772264 1772265 1777351 1777352 1777353 1777354 1777356 1777357 1777358 1777359 1777389 1777390 1813038 1813039 1813040 1813041 1813042 1813043 1813044
Blocks: 1774672
TreeView+ depends on / blocked
 
Reported: 2019-11-20 16:46 UTC by Marian Rehak
Modified: 2020-03-18 10:08 UTC (History)
27 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
The fix for CVE-2019-11599 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Clone Of:
Environment:
Last Closed: 2020-02-04 14:09:49 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:0454 None None None 2020-02-10 01:39:30 UTC
Red Hat Product Errata RHBA-2020:0455 None None None 2020-02-10 01:49:03 UTC
Red Hat Product Errata RHBA-2020:0516 None None None 2020-02-17 09:36:35 UTC
Red Hat Product Errata RHBA-2020:0517 None None None 2020-02-17 09:30:38 UTC
Red Hat Product Errata RHBA-2020:0518 None None None 2020-02-17 09:30:58 UTC
Red Hat Product Errata RHBA-2020:0554 None None None 2020-02-19 21:45:10 UTC
Red Hat Product Errata RHSA-2020:0328 None None None 2020-02-04 08:52:23 UTC
Red Hat Product Errata RHSA-2020:0339 None None None 2020-02-04 13:12:14 UTC
Red Hat Product Errata RHSA-2020:0374 None None None 2020-02-04 19:30:46 UTC
Red Hat Product Errata RHSA-2020:0375 None None None 2020-02-04 19:30:59 UTC

Description Marian Rehak 2019-11-20 16:46:32 UTC
Incomplete fix for CVE-2019-11599, race condition between mmget_not_zero()/get_task_mm() and core dumping, in RHEL-7.

Comment 7 errata-xmlrpc 2020-02-04 08:52:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328

Comment 8 errata-xmlrpc 2020-02-04 13:12:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0339 https://access.redhat.com/errata/RHSA-2020:0339

Comment 9 Product Security DevOps Team 2020-02-04 14:09:49 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14898

Comment 10 errata-xmlrpc 2020-02-04 19:30:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0374 https://access.redhat.com/errata/RHSA-2020:0374

Comment 11 errata-xmlrpc 2020-02-04 19:30:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0375 https://access.redhat.com/errata/RHSA-2020:0375

Comment 14 Petr Matousek 2020-02-20 16:45:39 UTC
Acknowledgments:

Name: Vladis Dronov (Red Hat Engineering)

Comment 15 Petr Matousek 2020-02-20 16:45:43 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 20 Petr Matousek 2020-03-18 10:08:45 UTC
Statement:

The Red Hat Enterprise Linux 7  kernel versions prior to Red Hat Enterprise Linux 7.7 GA kernel (version 3.10.0-1062 released via RHSA-2019:2029) were never affected by CVE-2019-14898 (ie the incomplete fix for CVE-2019-1159) because they never backported the incomplete fix for CVE-2019-11599 in the first place; CVE-2019-11599 was fixed there fully, ie backport consisted of both CVE-2019-11599 and CVE-2019-14898 patches.


Note You need to log in before you can comment on or make changes to this bug.