The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.
Authentication Bypass
Race Condition
Linux
Linux Kernel
NVD
CVSS 3.0
2.5
EPSS
0.5%