{"id":"CVE-2019-11191","details":"The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported","modified":"2026-03-12T22:57:56.171180Z","published":"2019-04-12T00:29:00.310Z","references":[{"type":"WEB","url":"https://usn.ubuntu.com/4006-2/"},{"type":"WEB","url":"https://usn.ubuntu.com/4007-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4008-3/"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/05/22/7"},{"type":"WEB","url":"https://usn.ubuntu.com/4006-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4007-2/"},{"type":"WEB","url":"https://usn.ubuntu.com/4008-1/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/04/18/5"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107887"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2019/04/03/4"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2019/04/03/4/1"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"5.0.7"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11191.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}