First published: Wed Apr 03 2019
A flaw in the load_elf_binary() function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because install_exec_creds() is called too late in this function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1127.rt56.1093.el7 | 0:3.10.0-1127.rt56.1093.el7 |
redhat/kernel | <0:3.10.0-1127.el7 | 0:3.10.0-1127.el7 |
Linux Linux kernel | <4.8 | |
IBM Data Risk Manager | <=2.0.6 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
CVE-2019-11190 is a vulnerability in the Linux kernel that allows a local attacker to bypass ASLR on setuid programs.
CVE-2019-11190 has a severity level of low.
To fix CVE-2019-11190, update your Linux kernel to version 4.8 or higher.
Linux versions before 4.8 are affected by CVE-2019-11190.