CVE-2019-19241 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-19241 PUBLISHED

In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.

EPSS 0.93% · 76.0th percentile

Risk Scores

EPSS Score

0.93%

76.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:22.04:LTS	linux-realtime	5.15.0-1032.35, 0
Ubuntu:20.04:LTS	linux-gkeop-5.15	5.15.0-1015.19~20.04.1, 5.15.0-1013.17~20.04.1, 5.15.0-1012.16~20.04.1
Ubuntu:24.04:LTS	linux-raspi-realtime	0, 6.8.0-2019.20
Ubuntu:20.04:LTS	linux-azure-fde	5.4.0-1070.73+cvm1.1, 0, 5.4.0-1063.66+cvm2.2
Ubuntu:18.04:LTS	linux-hwe	4.18.0-17.18~18.04.1, 4.18.0-25.26~18.04.1, 5.0.0-27.28~18.04.1
Ubuntu:18.04:LTS	linux-azure-5.3	0, 5.3.0-1009.10~18.04.1, 5.3.0-1008.9~18.04.1
Ubuntu:18.04:LTS	linux-gke-5.3	5.3.0-1011.12~18.04.1, 0
Ubuntu:18.04:LTS	linux-raspi2-5.3	0, 5.3.0-1017.19~18.04.1
Ubuntu:22.04:LTS	linux-intel-iot-realtime	5.15.0-1073.75, 0
Ubuntu:18.04:LTS	linux-gcp-5.3	5.3.0-1008.9~18.04.1, 5.3.0-1009.10~18.04.1, 5.3.0-1010.11~18.04.1
Ubuntu:18.04:LTS	linux-gcp-edge	5.0.0-1011.11~18.04.1, 5.0.0-1013.13~18.04.1, 0
Ubuntu:22.04:LTS	linux-riscv	5.15.0-1005.5, 5.15.0-1004.4, 5.13.0-1010.11+22.04.1
Ubuntu:18.04:LTS	linux-azure-edge	0, 4.18.0-1006.6~18.04.1, 4.18.0-1007.7~18.04.1
Ubuntu:18.04:LTS	linux-hwe-edge	5.0.0-17.18~18.04.1, 0, 5.0.0-15.16~18.04.1
Ubuntu:20.04:LTS	linux-gkeop	5.4.0-1014.15, 5.4.0-1016.17, 5.4.0-1018.19
Ubuntu:20.04:LTS	linux-raspi2	0, 5.3.0-1007.8, 5.3.0-1014.16
Ubuntu:20.04:LTS	linux-gke	5.4.0-1074.79, 5.4.0-1105.112, 5.4.0-1104.111
Ubuntu:16.04:LTS	linux-hwe-edge	0, 4.15.0-23.25~16.04.1, 4.15.0-22.24~16.04.1

Timeline

Dec 17, 2019 PoC Published
Dec 17, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2019-19241 third-party-advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1975 third-party-advisory
https://git.kernel.org/linus/181e448d8709e517c9c7b523fcd209f24eb38ca7 third-party-advisory
https://git.kernel.org/linus/d69e07793f891524c6bbf1e75b9ae69db4450953 third-party-advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2 third-party-advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=181e448d8709e517c9c7b523fcd209f24eb38ca7 third-party-advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d69e07793f891524c6bbf1e75b9ae69db4450953 third-party-advisory
https://ubuntu.com/security/notices/USN-4284-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2019-19241 third-party-advisory

Open in Interactive Console →