CVE-2019-13272
Publication date 17 July 2019
Last updated 21 August 2024
Ubuntu priority
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
From the Ubuntu Security Team
Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | ||
| 18.04 LTS bionic |
Fixed 4.15.0-58.64
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-159.187
|
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-aws | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1047.49
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-1090.101
|
|
| 14.04 LTS trusty | Ignored | |
| linux-aws-5.0 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-hwe | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Fixed 4.15.0-1047.49~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-azure | ||
| 18.04 LTS bionic |
Fixed 5.0.0-1014.14~18.04.1
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-1055.60
|
|
| 14.04 LTS trusty | Ignored | |
| linux-azure-5.3 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-edge | ||
| 18.04 LTS bionic |
Fixed 5.0.0-1014.14~18.04.1
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-1055.60
|
|
| 14.04 LTS trusty | Not in release | |
| linux-euclid | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-flo | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1040.42
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-1040.42~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.3 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-edge | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1040.42
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-4.15 | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1040.42
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-5.0 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-goldfish | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-grouper | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe | ||
| 18.04 LTS bionic |
Fixed 5.0.0-25.26~18.04.1
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-58.64~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-hwe-edge | ||
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial |
Fixed 4.15.0-58.64~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-kvm | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1042.42
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-1054.61
|
|
| 14.04 LTS trusty | Not in release | |
| linux-lts-trusty | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-utopic | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-vivid | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-wily | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-xenial | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Ignored | |
| linux-maguro | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-mako | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-manta | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1050.57
|
|
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-5.4 | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-osp1 | ||
| 18.04 LTS bionic |
Fixed 5.0.0-1018.20
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1021.23
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-1021.23~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.0 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1043.46
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-1118.127
|
|
| 14.04 LTS trusty | Not in release | |
| linux-raspi2-5.3 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-snapdragon | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1060.66
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-1122.128
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4118-1
- Linux kernel (AWS) vulnerabilities
- 2 September 2019
- USN-4095-1
- Linux kernel vulnerabilities
- 13 August 2019
- USN-4094-1
- Linux kernel vulnerabilities
- 13 August 2019
- USN-4117-1
- Linux kernel (AWS) vulnerabilities
- 2 September 2019
- USN-4093-1
- Linux kernel vulnerabilities
- 13 August 2019
Other references
- http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
- https://www.cve.org/CVERecord?id=CVE-2019-13272
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog