Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2019-13272
PUBLISHEDIn the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a...
- Vendor
- Linux
- Product
- kernel
- Published
- Jul 17, 2019
- EPSS
- —
Description
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploitation status
Exploited in the wild
Recorded 2021-12-10 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- total
References
- http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
- https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee
- https://bugzilla.suse.com/show_bug.cgi?id=1140671
- https://bugzilla.redhat.com/show_bug.cgi?id=1730895
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/
- https://www.debian.org/security/2019/dsa-4484
- https://seclists.org/bugtraq/2019/Jul/30
- https://seclists.org/bugtraq/2019/Jul/33
- https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html
- https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://security.netapp.com/advisory/ntap-20190806-0001/
- https://access.redhat.com/errata/RHSA-2019:2405
- https://access.redhat.com/errata/RHSA-2019:2411
- https://usn.ubuntu.com/4093-1/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4095-1/
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- https://support.f5.com/csp/article/K91025336
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://access.redhat.com/errata/RHSA-2019:2809
- https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS
- http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html
- http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html
- http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Dec 10, 2021 |
| CISA | Dec 10, 2021 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/ptrace_traceme_pkexec_helper.rb | Apr 28, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-06-20 10:04:13 UTC · 2 stars
This is a Python 3 version of this exploit. Hope it works!!!
github · Created 2024-01-31 21:50:04 UTC · 2 stars
Es una vulnerabilidad para escalar privilegios en linux.
github · Created 2023-09-04 15:16:09 UTC · 0 stars
github · Created 2022-03-10 01:27:46 UTC · 0 stars
github · Created 2020-10-19 02:33:29 UTC · 0 stars
github · Created 2019-07-31 06:36:21 UTC · 5 stars
The exploit for CVE-2019-13272
github · Created 2019-07-31 04:51:43 UTC · 330 stars
Linux 4.10 < 5.1.17 PTRACE_TRACEME local root
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Added to KEVIntel
-
Detected by Metasploit