First published: Wed Nov 20 2019(Updated: )
Linux Kernel is vulnerable to a denial of service, caused by a race condition in between mmget_not_zero()/get_task_mm() and core dumping. By using a specially-crafted system call, a local authenticated attacker could exploit this vulnerability to cause the system to crash or obtain sensitive information.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1062.12.1.rt56.1042.el7 | 0:3.10.0-1062.12.1.rt56.1042.el7 |
redhat/kernel | <0:3.10.0-1062.12.1.el7 | 0:3.10.0-1062.12.1.el7 |
redhat/kernel-rt | <0:4.18.0-147.5.1.rt24.98.el8_1 | 0:4.18.0-147.5.1.rt24.98.el8_1 |
redhat/kernel | <0:4.18.0-147.5.1.el8_1 | 0:4.18.0-147.5.1.el8_1 |
Linux Linux kernel | =5.0.10 | |
Redhat Enterprise Mrg | =2.0 | |
IBM Data Risk Manager | <=2.0.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2019-14898 is a vulnerability in the Linux Kernel that allows a local authenticated attacker to cause a denial of service or obtain sensitive information.
The affected software versions include Redhat Kernel 3.10.0-1062.12.1.rt56.1042.el7, Redhat Kernel 3.10.0-1062.12.1.el7, Redhat Kernel 4.18.0-147.5.1.rt24.98.el8_1, Redhat Kernel 4.18.0-147.5.1.el8_1, Linux Kernel 5.0.10, and Redhat Enterprise MRG 2.0.
CVE-2019-14898 has a severity level of high.
To fix CVE-2019-14898, apply the appropriate patches provided by the software vendors or update to the patched versions of the affected software.
You can find more information about CVE-2019-14898 at the following references: [link1](https://access.redhat.com/security/cve/CVE-2019-11599), [link2](https://bugs.chromium.org/p/project-zero/issues/detail?id=1790), [link3](https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114).