What is CVE-2019-14898?

CVE-2019-14898 is a vulnerability in the Linux Kernel that allows a local authenticated attacker to cause a denial of service or obtain sensitive information.

Which software versions are affected by CVE-2019-14898?

The affected software versions include Redhat Kernel 3.10.0-1062.12.1.rt56.1042.el7, Redhat Kernel 3.10.0-1062.12.1.el7, Redhat Kernel 4.18.0-147.5.1.rt24.98.el8_1, Redhat Kernel 4.18.0-147.5.1.el8_1, Linux Kernel 5.0.10, and Redhat Enterprise MRG 2.0.

What is the severity of CVE-2019-14898?

CVE-2019-14898 has a severity level of high.

How can I fix CVE-2019-14898?

To fix CVE-2019-14898, apply the appropriate patches provided by the software vendors or update to the patched versions of the affected software.

Where can I find more information about CVE-2019-14898?

You can find more information about CVE-2019-14898 at the following references: [link1](https://access.redhat.com/security/cve/CVE-2019-11599), [link2](https://bugs.chromium.org/p/project-zero/issues/detail?id=1790), [link3](https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114).

Vulnerability/
CVE-2019-14898

high

CWE

362 667

20/11/2019

7/9/2023

CVE-2019-14898: Race Condition

First published: Wed Nov 20 2019(Updated: )

Linux Kernel is vulnerable to a denial of service, caused by a race condition in between mmget_not_zero()/get_task_mm() and core dumping. By using a specially-crafted system call, a local authenticated attacker could exploit this vulnerability to cause the system to crash or obtain sensitive information.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/kernel-rt	<0:3.10.0-1062.12.1.rt56.1042.el7	0:3.10.0-1062.12.1.rt56.1042.el7
redhat/kernel	<0:3.10.0-1062.12.1.el7	0:3.10.0-1062.12.1.el7
redhat/kernel-rt	<0:4.18.0-147.5.1.rt24.98.el8_1	0:4.18.0-147.5.1.rt24.98.el8_1
redhat/kernel	<0:4.18.0-147.5.1.el8_1	0:4.18.0-147.5.1.el8_1
Linux Linux kernel	=5.0.10
Redhat Enterprise Mrg	=2.0
IBM Data Risk Manager	<=2.0.6

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2019-14898?
CVE-2019-14898 is a vulnerability in the Linux Kernel that allows a local authenticated attacker to cause a denial of service or obtain sensitive information.
Which software versions are affected by CVE-2019-14898?
The affected software versions include Redhat Kernel 3.10.0-1062.12.1.rt56.1042.el7, Redhat Kernel 3.10.0-1062.12.1.el7, Redhat Kernel 4.18.0-147.5.1.rt24.98.el8_1, Redhat Kernel 4.18.0-147.5.1.el8_1, Linux Kernel 5.0.10, and Redhat Enterprise MRG 2.0.
What is the severity of CVE-2019-14898?
CVE-2019-14898 has a severity level of high.
How can I fix CVE-2019-14898?
To fix CVE-2019-14898, apply the appropriate patches provided by the software vendors or update to the patched versions of the affected software.
Where can I find more information about CVE-2019-14898?
You can find more information about CVE-2019-14898 at the following references: [link1](https://access.redhat.com/security/cve/CVE-2019-11599), [link2](https://bugs.chromium.org/p/project-zero/issues/detail?id=1790), [link3](https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114).

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/ibm-support
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-14898
collector/redhat-cve
vendor/ibm
canonical/ibm data risk manager
version/ibm data risk manager/2.0.6
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/5.0.10
vendor/redhat
canonical/redhat enterprise mrg
version/redhat enterprise mrg/2.0
package-manager/redhat