Cyber Resilience

CVE-2019-13272

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 17 July 2019

Published
17 July 2019
Modified
06 November 2025
KEV Added
10 December 2021
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.8038 99.1th percentile
Risk Priority 84 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-13272 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is a flaw in the Linux kernel prior to version 5.1.17 within the ptrace_link function in kernel/ptrace.c. It stems from improper handling of credential recording when establishing a ptrace relationship, combined with an object lifetime issue and incorrect privilege marking on the relationship. This affects local process interactions on affected kernels and can be triggered through mechanisms such as Polkit's pkexec helper using PTRACE_TRACEME.

Local users can exploit the issue in scenarios involving a parent-child process relationship where the parent drops privileges before calling execve. Successful exploitation grants the attacker root privileges on the system, with a CVSS score of 7.8 reflecting high impact on confidentiality, integrity, and availability from a local, low-complexity attack.

Advisories referenced in the CVE, including Slackware kernel updates and Canonical kernel live patch notices, indicate that mitigation is achieved by applying the upstream kernel patch to version 5.1.17 or later. The description also notes that SELinux with deny_ptrace enabled may serve as a partial workaround in certain environments. Public exploit code for the PTRACE_TRACEME local root technique has been published, confirming practical exploitability on unpatched systems.

EU & UK References

Vulnerability details

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child…

more

process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

CWE(s)
KEV Date Added
10 December 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linux
linux kernel
3.16.52 — 3.16.71 · 4.1.39 — 4.2 · 4.4.40 — 4.4.185
debian
debian linux
10.0, 8.0, 9.0
fedoraproject
fedora
29
canonical
ubuntu linux
16.04, 18.04, 19.04
redhat
enterprise linux
7.0, 8.0
redhat
enterprise linux for arm 64
7.0_aarch64
redhat
enterprise linux for ibm z systems
7.0_s390x
redhat
enterprise linux for real time
8
redhat
enterprise linux for real time for nfv
8.0
redhat
enterprise linux for real time for nfv tus
8.2, 8.4, 8.6, 8.8
+12 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of the upstream kernel patch (to 5.1.17+) that corrects the ptrace_link credential and lifetime flaw.

prevent

Enforces the kernel's access-control decision on PTRACE_TRACEME and ptrace relationships so an unprivileged child cannot obtain root credentials.

prevent

Maintains separate execution domains between processes, limiting the ability of a dropped-privilege parent/child pair to misuse ptrace for privilege escalation.

References