How severe is CVE-2019-11599?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2019-11599?

This is classified as CWE-667, which is a common weakness in software security.

CVE-2019-11599

HIGH Year: 2019

CVSS v3 Score

7.0

High

CVSS v2 Score

6.9

Medium

Weakness Type

CWE-667

View all →

Vulnerability Description

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.

CVE-2021-1782

HIGH

CVSS:7.0(High)

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 an...

CWE-6672021

CVE-2021-26708

HIGH

CVSS:7.0(High)

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The rac...

CWE-6672021

CVE-2022-20422

HIGH

CVSS:7.0(High)

In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privil...

CWE-6672022

CVE-2022-2959

HIGH

CVSS:7.0(High)

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack ...

CWE-6672022

CVE-2022-3028

HIGH

CVSS:7.0(High)

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local at...

CWE-6672022

CVE-2019-17343

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.

CWE-6672019

CVE-2019-11599

Vulnerability Description

Related Vulnerabilities

CVE-2021-1782

CVE-2021-26708

CVE-2022-20422

CVE-2022-2959

CVE-2022-3028

CVE-2019-17343