CVE-2019-14898 in Red Hat and Linux Products
Published on May 8, 2020

The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.

NVD

Weakness Types

What is a Race Condition Vulnerability?

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CVE-2019-14898 has been classified to as a Race Condition vulnerability or weakness.

Improper Locking

The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Products Associated with CVE-2019-14898

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-14898 are published in these products:

Red Hat Enterprise Mrg

Linux Kernel

Affected Versions

Linux kernel kernel Version < 5.0.10 is affected by CVE-2019-14898

Exploit Probability

EPSS

0.05%

Percentile

15.58%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.