{"id":"CVE-2019-11190","details":"The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.","modified":"2026-03-12T22:57:56.170156Z","published":"2019-04-12T00:29:00.217Z","related":["SUSE-SU-2019:14089-1","SUSE-SU-2019:1527-1","SUSE-SU-2019:1532-1","SUSE-SU-2019:1533-1","SUSE-SU-2019:1534-1","SUSE-SU-2019:1692-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/107890"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"},{"type":"WEB","url":"https://usn.ubuntu.com/4008-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4008-3/"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/04/15/1"},{"type":"WEB","url":"https://usn.ubuntu.com/4008-2/"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=a5b5352558f6808db0589644ea5401b3e3148a0d"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=e1676b55d874a43646e8b2c46d87f2f3e45516ff"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2019/04/03/4"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2019/04/03/4/1"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.8"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11190.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}