← back
CVE-2019-13272

CVE-2019-13272

CVSS 7.8 HIGHEPSS 52.2%● KEV
In short

A flaw in Linux kernel's ptrace system allows a local attacker to gain root privileges by exploiting how the system records process credentials when creating a process tracing relationship. This can happen when a parent process drops privileges and runs a new program, potentially giving an attacker control.

Technical detail

CVE-2019-13272 involves a credential recording vulnerability in kernel/ptrace.c's ptrace_link function that fails to properly handle privileged ptrace relationships. The attack exploits parent-child process scenarios where privilege dropping precedes execve(), combined with object lifetime issues and incorrect privilege marking of ptrace relationships (exploitable via helpers like Polkit's pkexec with PTRACE_TRACEME), enabling local privilege escalation to root.

Summary generated and translated by AI from the official description.
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found29
githubgithub.com/jas502n/CVE-2019-13272332githubgithub.com/Cyc1eC/CVE-2019-132725githubgithub.com/oneoy/CVE-2019-132724githubgithub.com/josemlwdf/CVE-2019-132723githubgithub.com/Tharana/vulnerability-exploitation3githubgithub.com/MDS1GNAL/ptrace_scope-CVE-2019-13272-privilege-escalation2githubgithub.com/bigbigliang-malwarebenchmark/cve-2019-132721githubgithub.com/Tharana/Exploiting-a-Linux-kernel-vulnerability1githubgithub.com/datntsec/CVE-2019-132720githubgithub.com/jana30116/CVE-2019-13272-Local-Privilege-Escalation0githubgithub.com/GgKendall/secureCodingDemo0githubgithub.com/babyshen/CVE-2019-132720githubgithub.com/asepsaepdin/CVE-2019-132720githubgithub.com/Chinmay1743/ptrace-vuln0githubgithub.com/letsr00t/CVE-2019-132720githubgithub.com/polosec/CVE-2019-132720githubgithub.com/sumedhaDharmasena/-Kernel-ptrace-c-mishandles-vulnerability-CVE-2019-132720githubgithub.com/RashmikaEkanayake/Privilege-Escalation-CVE-2019-13272-0githubgithub.com/teddy47/CVE-2019-13272---Documentation0exploitdbwww.exploit-db.com/exploits/47543unverifiedcve_referencepacketstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlunverifiedcve_referencepacketstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.htmlunverifiedcve_referencepacketstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.htmlunverifiedcve_referencepacketstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.htmlunverifiedcve_referencepacketstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47133unverifiedexploitdbwww.exploit-db.com/exploits/47163unverifiedexploitdbwww.exploit-db.com/exploits/50541unverifiedcve_referencepacketstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.htmlhttp://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlhttp://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.htmlhttp://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.htmlhttp://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.htmlhttp://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.htmlhttps://access.redhat.com/errata/RHSA-2019:2405https://access.redhat.com/errata/RHSA-2019:2411https://access.redhat.com/errata/RHSA-2019:2809https://bugs.chromium.org/p/project-zero/issues/detail?id=1903https://bugzilla.redhat.com/show_bug.cgi?id=1730895https://bugzilla.suse.com/show_bug.cgi?id=1140671