Race condition vulnerability in Linux kernel allows local users to bypass ASLR on setuid programs

CVE-2019-11190 · MEDIUM Severity

CVSS v2 vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.
