Vulnerability Description
Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SerenityOS | SerenityOS | < 2019-12-30 |
Related Weaknesses (CWE)
References
- https://github.com/Fire30/CTF-WRITEUPS/tree/master/36c3_ctf/wisdom (Exploit, Third Party Advisory)
- https://github.com/SerenityOS/serenity/commit/0fc24fe2564736689859e7edfa177a86da (Patch, Third Party Advisory)
FAQ
What is CVE-2019-20172?
CVE-2019-20172 is a vulnerability with a CVSS score of 7.8 (HIGH). Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack.
How severe is CVE-2019-20172?
CVE-2019-20172 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-20172?
Check the references section above for vendor advisories and patch information. Affected products include: SerenityOS SerenityOS.