NVD Vulnerability Detail

CVE-2019-14898

Summary	The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Publication Date	May 8, 2020, 11:15 p.m.
Registration Date	Jan. 26, 2021, 11:39 a.m.
Last Update	Nov. 21, 2024, 1:27 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel:5.0.10:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_mrg:2.0:::::::*

Related information, measures and tools

No	URL	タグ
1	https://bugs.chromium.org/p/project-zero/issues/detail?id=1790	Exploit Mailing List Patch Third Party Advisory
2	https://bugs.chromium.org/p/project-zero/issues/detail?id=1790	Exploit Mailing List Patch Third Party Advisory
3	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898	Issue Tracking Third Party Advisory
4	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898	Issue Tracking Third Party Advisory
5	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114	Mailing List Vendor Advisory
6	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114	Mailing List Vendor Advisory
7	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37	Mailing List Vendor Advisory
8	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37	Mailing List Vendor Advisory
9	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10	Mailing List Vendor Advisory
10	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10	Mailing List Vendor Advisory
11	https://security.netapp.com/advisory/ntap-20200608-0001/
12	https://security.netapp.com/advisory/ntap-20200608-0001/
13	https://www.oracle.com/security-alerts/cpuApr2021.html
14	https://www.oracle.com/security-alerts/cpuApr2021.html

Common Vulnerabilities List

JVN Vulnerability Information

Linux Kernel におけるリソースのロックに関する脆弱性

Title	Linux Kernel におけるリソースのロックに関する脆弱性
Summary	Linux Kernel には、リソースのロックに関する脆弱性、および競合状態に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 27, 2020, midnight
Registration Date	June 11, 2020, 5 p.m.
Last Update	June 11, 2020, 5 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux

Linux

Linux Kernel 5.0.10 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-14898	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14898
National Vulnerability Database (NVD)
2	CVE-2019-14898	https://nvd.nist.gov/vuln/detail/CVE-2019-14898

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-362	https://jvndb.jvn.jp/ja/cwe/CWE-362.html
2	CWE-667	http://cwe.mitre.org/data/definitions/667.html

ベンダー情報

No	Name	URL
ChangeLog
1	ChangeLog-4.14.114	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
2	ChangeLog-4.19.37	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
3	ChangeLog-5.0.10	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
Linux Kernel
4	Linux Kernel Archives	http://www.kernel.org
Red Hat Bugzilla
5	Bug 1774671	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898

その他

No	Name	URL
関連文書
1	Issue 1790: Linux: missing locking between ELF coredump code and userfaultfd VMA modification	https://bugs.chromium.org/p/project-zero/issues/detail?id=1790

Change Log

No	Changed Details	Date of change
1	[2020年06月11日] 掲載	June 11, 2020, 5 p.m.