Back to KEVs

CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a...

Basic Information

CVE State
PUBLISHED
Reserved Date
July 04, 2019
Published Date
July 17, 2019
Last Updated
February 04, 2025
Vendor
Linux
Product
kernel
Description
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
Tags
linux ios cisa metasploit_scanner

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2021-12-10 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2023-09-04 15:16:09 UTC) Source

References

http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1903 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17 https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee https://bugzilla.suse.com/show_bug.cgi?id=1140671 https://bugzilla.redhat.com/show_bug.cgi?id=1730895 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/ https://www.debian.org/security/2019/dsa-4484 https://seclists.org/bugtraq/2019/Jul/30 https://seclists.org/bugtraq/2019/Jul/33 https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://security.netapp.com/advisory/ntap-20190806-0001/ https://access.redhat.com/errata/RHSA-2019:2405 https://access.redhat.com/errata/RHSA-2019:2411 https://usn.ubuntu.com/4093-1/ https://usn.ubuntu.com/4094-1/ https://usn.ubuntu.com/4095-1/ http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html https://support.f5.com/csp/article/K91025336 https://usn.ubuntu.com/4117-1/ https://usn.ubuntu.com/4118-1/ https://access.redhat.com/errata/RHSA-2019:2809 https://support.f5.com/csp/article/K91025336?utm_source=f5support&amp%3Butm_medium=RSS http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-12-10 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/ptrace_traceme_pkexec_helper.rb 2025-04-29 11:01:17 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

ptrace_traceme_pkexec_helper

Type: metasploit • Created: Unknown

Metasploit module for CVE-2019-13272

josemlwdf/CVE-2019-13272

Type: github • Created: 2024-06-20 10:04:13 UTC • Stars: 2

This is a Python 3 version of this exploit. Hope it works!!!

MDS1GNAL/ptrace_scope-CVE-2019-13272-privilege-escalation

Type: github • Created: 2024-01-31 21:50:04 UTC • Stars: 2

Es una vulnerabilidad para escalar privilegios en linux.

asepsaepdin/CVE-2019-13272

Type: github • Created: 2023-09-04 15:16:09 UTC • Stars: 0

babyshen/CVE-2019-13272

Type: github • Created: 2022-03-10 01:27:46 UTC • Stars: 0

datntsec/CVE-2019-13272

Type: github • Created: 2020-10-19 02:33:29 UTC • Stars: 0

oneoy/CVE-2019-13272

Type: github • Created: 2019-08-07 01:21:26 UTC • Stars: 3

linux 提权

Cyc1eC/CVE-2019-13272

Type: github • Created: 2019-07-31 06:36:21 UTC • Stars: 5

The exploit for CVE-2019-13272

jas502n/CVE-2019-13272

Type: github • Created: 2019-07-31 04:51:43 UTC • Stars: 330

Linux 4.10 < 5.1.17 PTRACE_TRACEME local root

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Proof of Concept Exploit Available

  • Detected by Metasploit