From 420e29ab26cdb1888721f55e85514b6a65e88cb0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 17 Jul 2019 13:00:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2014/10xxx/CVE-2014-10374.json | 5 +++ 2019/13xxx/CVE-2019-13272.json | 82 ++++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+) create mode 100644 2019/13xxx/CVE-2019-13272.json diff --git a/2014/10xxx/CVE-2014-10374.json b/2014/10xxx/CVE-2014-10374.json index 0728897042b..490f9c2a4ad 100644 --- a/2014/10xxx/CVE-2014-10374.json +++ b/2014/10xxx/CVE-2014-10374.json @@ -56,6 +56,11 @@ "url": "https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf", "refsource": "MISC", "name": "https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf" + }, + { + "refsource": "MISC", + "name": "https://twitter.com/TedOnPrivacy/status/1151390589990187008", + "url": "https://twitter.com/TedOnPrivacy/status/1151390589990187008" } ] } diff --git a/2019/13xxx/CVE-2019-13272.json b/2019/13xxx/CVE-2019-13272.json new file mode 100644 index 00000000000..c9f6d8b9f36 --- /dev/null +++ b/2019/13xxx/CVE-2019-13272.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html" + }, + { + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903" + }, + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17" + }, + { + "url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee" + } + ] + } +} \ No newline at end of file