Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (332 stars) — exploitation code widely available.
CVSS 7.8EPSS 52.2%KEV simPoC públicaNuclei —Metasploit simPatch referenciado
Lifecycle
04 Jul 2019Metasploit module available
17 Jul 2019Public PoC
17 Jul 2019Published on NVD
10 Dec 2021Active exploitation (CISA KEV)
Weaponization speed
876 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Linux kernel's ptrace system allows a local attacker to gain root privileges by exploiting how the system records process credentials when creating a process tracing relationship. This can happen when a parent process drops privileges and runs a new program, potentially giving an attacker control.
Technical detail
CVE-2019-13272 involves a credential recording vulnerability in kernel/ptrace.c's ptrace_link function that fails to properly handle privileged ptrace relationships. The attack exploits parent-child process scenarios where privilege dropping precedes execve(), combined with object lifetime issues and incorrect privilege marking of ptrace relationships (exploitable via helpers like Polkit's pkexec with PTRACE_TRACEME), enabling local privilege escalation to root.
Summary generated and translated by AI from the official description.
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.