CVE-2019-6133

Published: 11 January 2019

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

From the Ubuntu security team

Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations.

Notes

Author	Note
mdeslaur	This issue is better fixed in the kernel, adding kernel packages to this CVE.

Priority

CVSS 3 base score: 6.7

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-46.49)
	cosmic	Released (4.18.0-16.17)
	disco	Not vulnerable (4.19.0-12.13)
	precise	Ignored (was needed ESM criteria)
	trusty	Released (3.13.0-166.216)
	upstream	Released (5.0~rc2)
	xenial	Released (4.4.0-143.169)
	Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by 7b55851367136b1efd84d98fea81ba57a98304cf
linux-aws Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1033.35)
	cosmic	Released (4.18.0-1011.13)
	disco	Not vulnerable (4.18.0-1011.13)
	precise	Does not exist
	trusty	Released (4.4.0-1039.42)
	upstream	Released (5.0~rc2)
	xenial	Released (4.4.0-1077.87)
linux-aws-hwe Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Released (4.15.0-1033.35~16.04.1)
linux-azure Launchpad, Ubuntu, Debian	bionic	Released (4.18.0-1013.13~18.04.1)
	cosmic	Released (4.18.0-1013.13)
	disco	Not vulnerable (4.18.0-1013.13)
	precise	Does not exist
	trusty	Released (4.15.0-1040.44~14.04.1)
	upstream	Released (5.0~rc2)
	xenial	Released (4.15.0-1040.44)
linux-azure-edge Launchpad, Ubuntu, Debian	bionic	Released (4.18.0-1013.13~18.04.1)
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Released (4.15.0-1040.44)
linux-euclid Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Ignored (was needed ESM criteria)
linux-flo Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (5.0~rc2)
	xenial	Ignored (abandoned)
linux-gcp Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1028.29)
	cosmic	Released (4.18.0-1007.8)
	disco	Not vulnerable (4.18.0-1007.8)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Released (4.15.0-1028.29~16.04.1)
linux-gcp-edge Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1028.29)
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-gke Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Ignored (end-of-life)
linux-gke-4.15 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.15.0-1030.32)
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-gke-5.0 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (5.0.0-1011.11~18.04.1)
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-goldfish Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (5.0~rc2)
	xenial	Ignored (end-of-life)
linux-grouper Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-hwe Launchpad, Ubuntu, Debian	bionic	Released (4.18.0-16.17~18.04.1)
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Released (4.15.0-46.49~16.04.1)
linux-hwe-edge Launchpad, Ubuntu, Debian	bionic	Not vulnerable (5.0.0-15.16~18.04.1)
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Released (4.15.0-46.49~16.04.1)
linux-kvm Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1030.30)
	cosmic	Released (4.18.0-1008.8)
	disco	Not vulnerable (4.18.0-1008.8)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Released (4.4.0-1041.47)
linux-lts-trusty Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Released (3.13.0-166.216~precise1)
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-lts-utopic Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [end-of-life])
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-lts-vivid Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [end-of-life])
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-lts-wily Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [end-of-life])
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-lts-xenial Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Released (4.4.0-143.169~14.04.2)
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-maguro Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-mako Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (5.0~rc2)
	xenial	Ignored (abandoned)
linux-manta Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (5.0~rc2)
	xenial	Does not exist
linux-oem Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1034.39)
	cosmic	Released (4.15.0-1034.39)
	disco	Not vulnerable (4.15.0-1034.39)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Ignored (was needs-triage now end-of-life)
linux-oracle Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1009.11)
	cosmic	Released (4.15.0-1009.11)
	disco	Not vulnerable (4.15.0-1009.11)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Released (4.15.0-1009.11~16.04.1)
linux-raspi2 Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1032.34)
	cosmic	Released (4.18.0-1010.12)
	disco	Not vulnerable (4.18.0-1010.12)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Released (4.4.0-1104.112)
linux-snapdragon Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1053.57)
	cosmic	Does not exist
	disco	Not vulnerable (5.0.0-1010.10)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (5.0~rc2)
	xenial	Released (4.4.0-1108.113)
policykit-1 Launchpad, Ubuntu, Debian	bionic	Released (0.105-20ubuntu0.18.04.5)
	cosmic	Released (0.105-21ubuntu0.4)
	disco	Released (0.105-25)
	precise	Released (0.104-1ubuntu1.5)
	trusty	Released (0.105-4ubuntu3.14.04.6)
	upstream	Needs triage
	xenial	Released (0.105-14.1ubuntu0.5)
	Patches: upstream: https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security