An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/107655 | Third Party Advisory VDB Entry |
| https://patchwork.kernel.org/patch/10828359/ | Exploit Patch Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20190411-0003/ | Third Party Advisory |
| https://support.f5.com/csp/article/K29215970 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
| AND |
|
History
02 Jun 2021, 15:25
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:* |
15 Apr 2021, 13:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CONFIRM) https://security.netapp.com/advisory/ntap-20190411-0003/ - Third Party Advisory | |
| References | (CONFIRM) https://support.f5.com/csp/article/K29215970 - Third Party Advisory | |
| References | (BID) http://www.securityfocus.com/bid/107655 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:* |
Information
Published : 2019-03-27 06:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-10125
Mitre link : CVE-2019-10125
CVE.ORG link : CVE-2019-10125
JSON object : View
Products Affected
netapp
- solidfire
- active_iq_unified_manager
- hci_management_node
- snapprotect
- cn1610
- cn1610_firmware
linux
- linux_kernel
CWE
CWE-416
Use After Free