Vulnerability Description
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.8 |
| Debian | Debian Linux | 8.0 |
| NetApp | Active IQ Unified Manager for VMware vSphere | >= 9.5 |
| NetApp | HCI Management Node | - |
| NetApp | SnapProtect | - |
| NetApp | SolidFire | - |
| NetApp | Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere | >= 7.2 |
| NetApp | VASA Provider for Clustered Data ONTAP | >= 7.2 |
| NetApp | Virtual Storage Console for VMware vSphere | >= 7.2 |
| NetApp | CN1610 Firmware | - |
| NetApp | CN1610 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/89937 (Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3901 (Issue Tracking, Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html (Mailing List, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20190517-0005/ (Third Party Advisory)
FAQ
What is CVE-2019-3901?
CVE-2019-3901 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_acces...
How severe is CVE-2019-3901?
CVE-2019-3901 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-3901?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, NetApp Active IQ Unified Manager for VMware vSphere, NetApp HCI Management Node, NetApp SnapProtect.