CVE-2019-13272

Updated: 2025-11-19 05:38:59.986792

Description:

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.2 |
| CVSS Version 3.x | HIGH | 7.8 |

Known exploits

| Added Date | Description | Due Date | Notes |
|---|---|---|---|
| 2021-12-10 | kernel/ptrace.c in the Linux kernel contains an improper privilege management vulnerability that allows local users to obtain root access. | 2022-06-10 | https://nvd.nist.gov/vuln/detail/CVE-2019-13272 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | | 2023-11-02 09:35:36 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Already Fixed | | 2024-06-11 14:47:10 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Already Fixed | | 2024-06-11 14:45:45 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Already Fixed | | 2024-06-11 14:21:06 | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Ignored | | 2025-01-10 22:43:55 | CL7 support is limited |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | | 2025-05-11 04:36:23 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.8 | HIGH | Needs Triage | | 2025-11-19 08:36:28 | |
| RHEL 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | | 2025-05-28 00:26:08 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Already Fixed | | 2022-09-28 08:02:28 | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Not Vulnerable | | 2021-12-17 05:55:04 | |
Total: 11