PublicDateAtUSN: 2019-04-11 Candidate: CVE-2019-11191 PublicDate: 2019-04-12 00:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11191 https://www.openwall.com/lists/oss-security/2019/04/03/4 https://www.openwall.com/lists/oss-security/2019/04/03/4/1 https://ubuntu.com/security/notices/USN-4006-1 https://ubuntu.com/security/notices/USN-4006-2 https://ubuntu.com/security/notices/USN-4007-1 https://ubuntu.com/security/notices/USN-4007-2 https://ubuntu.com/security/notices/USN-4008-1 https://ubuntu.com/security/notices/USN-4008-3 Description: ** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported. Ubuntu-Description: Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. Notes: tyhicks> This only affects i386 Ubuntu kernels. Additionally, it is very unlikely that systems will have a setuid a.out program installed. sbeattie> configuration changes to disable i386 a.out support are in progress. Bugs: https://bugs.launchpad.net/bugs/1818552 Priority: negligible Discovered-by: Federico Manuel Bento Assigned-to: CVSS: nvd: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N [2.5 LOW] Patches_linux: break-fix: - eac616557050737a8d6ef6fe0322d0980ff0ffde upstream_linux: released (5.1~rc1) precise/esm_linux: ignored (was needs-triage ESM criteria) trusty_linux: ignored (reached end-of-life) trusty/esm_linux: ignored (was needed ESM criteria) xenial_linux: released (4.4.0-150.176) esm-infra/xenial_linux: released (4.4.0-150.176) bionic_linux: released (4.15.0-51.55) cosmic_linux: released (4.18.0-21.22) disco_linux: not-affected (5.0.0-11.12) devel_linux: not-affected (5.0.0-13.14) Patches_linux-lts-trusty: upstream_linux-lts-trusty: released (5.1~rc1) precise/esm_linux-lts-trusty: ignored (was needs-triage ESM criteria) trusty_linux-lts-trusty: DNE trusty/esm_linux-lts-trusty: DNE xenial_linux-lts-trusty: DNE bionic_linux-lts-trusty: DNE cosmic_linux-lts-trusty: DNE disco_linux-lts-trusty: DNE devel_linux-lts-trusty: DNE Patches_linux-goldfish: upstream_linux-goldfish: released (5.1~rc1) precise/esm_linux-goldfish: DNE trusty_linux-goldfish: ignored (abandoned) trusty/esm_linux-goldfish: DNE (trusty was ignored [abandoned]) xenial_linux-goldfish: ignored (end-of-life) bionic_linux-goldfish: DNE cosmic_linux-goldfish: DNE disco_linux-goldfish: DNE devel_linux-goldfish: DNE Patches_linux-grouper: upstream_linux-grouper: released (5.1~rc1) precise/esm_linux-grouper: DNE trusty_linux-grouper: ignored (abandoned) trusty/esm_linux-grouper: DNE (trusty was ignored [abandoned]) xenial_linux-grouper: DNE bionic_linux-grouper: DNE cosmic_linux-grouper: DNE disco_linux-grouper: DNE devel_linux-grouper: DNE Patches_linux-maguro: upstream_linux-maguro: released (5.1~rc1) precise/esm_linux-maguro: DNE trusty_linux-maguro: ignored (abandoned) trusty/esm_linux-maguro: DNE (trusty was ignored [abandoned]) xenial_linux-maguro: DNE bionic_linux-maguro: DNE cosmic_linux-maguro: DNE disco_linux-maguro: DNE devel_linux-maguro: DNE Patches_linux-mako: upstream_linux-mako: released (5.1~rc1) precise/esm_linux-mako: DNE trusty_linux-mako: ignored (abandoned) trusty/esm_linux-mako: DNE (trusty was ignored [abandoned]) xenial_linux-mako: ignored (abandoned) bionic_linux-mako: DNE cosmic_linux-mako: DNE disco_linux-mako: DNE devel_linux-mako: DNE Patches_linux-manta: upstream_linux-manta: released (5.1~rc1) precise/esm_linux-manta: DNE trusty_linux-manta: ignored (abandoned) trusty/esm_linux-manta: DNE (trusty was ignored [abandoned]) xenial_linux-manta: DNE bionic_linux-manta: DNE cosmic_linux-manta: DNE disco_linux-manta: DNE devel_linux-manta: DNE Patches_linux-flo: upstream_linux-flo: released (5.1~rc1) precise/esm_linux-flo: DNE trusty_linux-flo: ignored (abandoned) trusty/esm_linux-flo: DNE (trusty was ignored [abandoned]) xenial_linux-flo: ignored (abandoned) bionic_linux-flo: DNE cosmic_linux-flo: DNE disco_linux-flo: DNE devel_linux-flo: DNE Patches_linux-raspi2: upstream_linux-raspi2: released (5.1~rc1) precise/esm_linux-raspi2: DNE trusty_linux-raspi2: DNE trusty/esm_linux-raspi2: DNE xenial_linux-raspi2: released (4.4.0-1110.118) bionic_linux-raspi2: released (4.15.0-1037.39) cosmic_linux-raspi2: released (4.18.0-1015.17) disco_linux-raspi2: not-affected (5.0.0-1005.5) devel_linux-raspi2: not-affected (5.0.0-1006.6) Patches_linux-lts-utopic: upstream_linux-lts-utopic: released (5.1~rc1) precise/esm_linux-lts-utopic: DNE trusty_linux-lts-utopic: ignored (out of standard support) trusty/esm_linux-lts-utopic: DNE (trusty was ignored [end-of-life]) xenial_linux-lts-utopic: DNE bionic_linux-lts-utopic: DNE cosmic_linux-lts-utopic: DNE disco_linux-lts-utopic: DNE devel_linux-lts-utopic: DNE Patches_linux-lts-vivid: upstream_linux-lts-vivid: released (5.1~rc1) precise/esm_linux-lts-vivid: DNE trusty_linux-lts-vivid: ignored (out of standard support) trusty/esm_linux-lts-vivid: DNE (trusty was ignored [end-of-life]) xenial_linux-lts-vivid: DNE bionic_linux-lts-vivid: DNE cosmic_linux-lts-vivid: DNE disco_linux-lts-vivid: DNE devel_linux-lts-vivid: DNE Patches_linux-lts-wily: upstream_linux-lts-wily: released (5.1~rc1) precise/esm_linux-lts-wily: DNE trusty_linux-lts-wily: ignored (out of standard support) trusty/esm_linux-lts-wily: DNE (trusty was ignored [end-of-life]) xenial_linux-lts-wily: DNE bionic_linux-lts-wily: DNE cosmic_linux-lts-wily: DNE disco_linux-lts-wily: DNE devel_linux-lts-wily: DNE Patches_linux-lts-xenial: upstream_linux-lts-xenial: released (5.1~rc1) precise/esm_linux-lts-xenial: DNE trusty_linux-lts-xenial: ignored (reached end-of-life) trusty/esm_linux-lts-xenial: released (4.4.0-150.176~14.04.1) xenial_linux-lts-xenial: DNE bionic_linux-lts-xenial: DNE cosmic_linux-lts-xenial: DNE disco_linux-lts-xenial: DNE devel_linux-lts-xenial: DNE Patches_linux-snapdragon: upstream_linux-snapdragon: released (5.1~rc1) precise/esm_linux-snapdragon: DNE trusty_linux-snapdragon: DNE trusty/esm_linux-snapdragon: DNE xenial_linux-snapdragon: released (4.4.0-1114.119) bionic_linux-snapdragon: released (4.15.0-1054.58) cosmic_linux-snapdragon: DNE disco_linux-snapdragon: not-affected (5.0.0-1010.10) devel_linux-snapdragon: not-affected (5.0.0-1010.10) Patches_linux-aws: upstream_linux-aws: released (5.1~rc1) precise/esm_linux-aws: DNE trusty_linux-aws: ignored (reached end-of-life) trusty/esm_linux-aws: released (4.4.0-1045.48) xenial_linux-aws: released (4.4.0-1084.94) esm-infra/xenial_linux-aws: released (4.4.0-1084.94) bionic_linux-aws: released (4.15.0-1040.42) cosmic_linux-aws: released (4.18.0-1017.19) disco_linux-aws: not-affected (5.0.0-1002.2) devel_linux-aws: not-affected (5.0.0-1004.4) Patches_linux-hwe: upstream_linux-hwe: released (5.1~rc1) precise/esm_linux-hwe: DNE trusty_linux-hwe: DNE trusty/esm_linux-hwe: DNE xenial_linux-hwe: released (4.15.0-51.55~16.04.1) esm-infra/xenial_linux-hwe: released (4.15.0-51.55~16.04.1) bionic_linux-hwe: released (4.18.0-21.22~18.04.1) cosmic_linux-hwe: DNE disco_linux-hwe: DNE devel_linux-hwe: DNE Patches_linux-hwe-edge: upstream_linux-hwe-edge: released (5.1~rc1) precise/esm_linux-hwe-edge: DNE trusty_linux-hwe-edge: DNE trusty/esm_linux-hwe-edge: DNE xenial_linux-hwe-edge: released (4.15.0-51.55~16.04.1) esm-infra/xenial_linux-hwe-edge: released (4.15.0-51.55~16.04.1) bionic_linux-hwe-edge: not-affected (5.0.0-15.16~18.04.1) cosmic_linux-hwe-edge: DNE disco_linux-hwe-edge: DNE devel_linux-hwe-edge: DNE Patches_linux-gke: upstream_linux-gke: released (5.1~rc1) precise/esm_linux-gke: DNE trusty_linux-gke: DNE trusty/esm_linux-gke: DNE xenial_linux-gke: ignored (end-of-life) bionic_linux-gke: DNE cosmic_linux-gke: DNE disco_linux-gke: DNE devel_linux-gke: DNE Patches_linux-gke-4.15: upstream_linux-gke-4.15: released (5.1~rc1) precise/esm_linux-gke-4.15: DNE trusty/esm_linux-gke-4.15: DNE xenial_linux-gke-4.15: DNE bionic_linux-gke-4.15: released (4.15.0-1033.35) disco_linux-gke-4.15: DNE devel_linux-gke-4.15: DNE Patches_linux-gke-5.0: upstream_linux-gke-5.0: released (5.1~rc1) precise/esm_linux-gke-5.0: DNE trusty/esm_linux-gke-5.0: DNE xenial_linux-gke-5.0: DNE bionic_linux-gke-5.0: not-affected (5.0.0-1011.11~18.04.1) disco_linux-gke-5.0: DNE devel_linux-gke-5.0: DNE Patches_linux-azure: upstream_linux-azure: released (5.1~rc1) precise/esm_linux-azure: DNE trusty_linux-azure: ignored (reached end-of-life) trusty/esm_linux-azure: ignored (was needed ESM criteria) xenial_linux-azure: released (4.15.0-1046.50) esm-infra/xenial_linux-azure: released (4.15.0-1046.50) bionic_linux-azure: released (4.18.0-1019.19~18.04.1) cosmic_linux-azure: released (4.18.0-1019.19) disco_linux-azure: not-affected (5.0.0-1002.2) devel_linux-azure: not-affected (5.0.0-1004.4) Patches_linux-azure-edge: upstream_linux-azure-edge: released (5.1~rc1) precise/esm_linux-azure-edge: DNE trusty_linux-azure-edge: DNE trusty/esm_linux-azure-edge: DNE xenial_linux-azure-edge: released (4.15.0-1046.50) bionic_linux-azure-edge: released (4.18.0-1019.19~18.04.1) cosmic_linux-azure-edge: DNE disco_linux-azure-edge: DNE devel_linux-azure-edge: DNE Patches_linux-gcp: upstream_linux-gcp: released (5.1~rc1) precise/esm_linux-gcp: DNE trusty_linux-gcp: DNE trusty/esm_linux-gcp: DNE xenial_linux-gcp: released (4.15.0-1033.35~16.04.1) esm-infra/xenial_linux-gcp: released (4.15.0-1033.35~16.04.1) bionic_linux-gcp: released (4.15.0-1033.35) cosmic_linux-gcp: released (4.18.0-1012.13) disco_linux-gcp: not-affected (5.0.0-1002.2) devel_linux-gcp: not-affected (5.0.0-1004.4) Patches_linux-kvm: upstream_linux-kvm: released (5.1~rc1) precise/esm_linux-kvm: DNE trusty_linux-kvm: DNE trusty/esm_linux-kvm: DNE xenial_linux-kvm: released (4.4.0-1047.53) esm-infra/xenial_linux-kvm: released (4.4.0-1047.53) bionic_linux-kvm: released (4.15.0-1035.35) cosmic_linux-kvm: released (4.18.0-1013.13) disco_linux-kvm: not-affected (5.0.0-1002.2) devel_linux-kvm: not-affected (5.0.0-1004.4) Patches_linux-euclid: upstream_linux-euclid: released (5.1~rc1) precise/esm_linux-euclid: DNE trusty_linux-euclid: DNE trusty/esm_linux-euclid: DNE xenial_linux-euclid: ignored (was needs-triage ESM criteria) bionic_linux-euclid: DNE cosmic_linux-euclid: DNE disco_linux-euclid: DNE devel_linux-euclid: DNE Patches_linux-oem: upstream_linux-oem: released (5.1~rc1) precise/esm_linux-oem: DNE trusty_linux-oem: DNE trusty/esm_linux-oem: DNE xenial_linux-oem: ignored (was needs-triage now end-of-life) bionic_linux-oem: released (4.15.0-1039.44) cosmic_linux-oem: released (4.15.0-1039.44) disco_linux-oem: released (4.15.0-1039.44) devel_linux-oem: not-affected (4.15.0-1039.44) Patches_linux-gcp-edge: upstream_linux-gcp-edge: released (5.1~rc1) precise/esm_linux-gcp-edge: DNE trusty_linux-gcp-edge: DNE trusty/esm_linux-gcp-edge: DNE xenial_linux-gcp-edge: DNE bionic_linux-gcp-edge: released (4.15.0-1033.35) cosmic_linux-gcp-edge: DNE disco_linux-gcp-edge: DNE devel_linux-gcp-edge: DNE Patches_linux-aws-hwe: upstream_linux-aws-hwe: released (5.1~rc1) precise/esm_linux-aws-hwe: DNE trusty_linux-aws-hwe: DNE trusty/esm_linux-aws-hwe: DNE xenial_linux-aws-hwe: released (4.15.0-1040.42~16.04.1) esm-infra/xenial_linux-aws-hwe: released (4.15.0-1040.42~16.04.1) bionic_linux-aws-hwe: DNE cosmic_linux-aws-hwe: DNE disco_linux-aws-hwe: DNE devel_linux-aws-hwe: DNE Patches_linux-oracle: upstream_linux-oracle: released (5.1~rc1) precise/esm_linux-oracle: DNE trusty_linux-oracle: DNE trusty/esm_linux-oracle: DNE xenial_linux-oracle: released (4.15.0-1014.16~16.04.1) esm-infra/xenial_linux-oracle: released (4.15.0-1014.16~16.04.1) bionic_linux-oracle: released (4.15.0-1014.16) cosmic_linux-oracle: released (4.15.0-1014.16) disco_linux-oracle: released (4.15.0-1014.16) devel_linux-oracle: not-affected (4.15.0-1014.16)