An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.
References
Link | Resource |
---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19 | Mailing List Release Notes Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399 | Mailing List Patch Vendor Advisory |
https://security.netapp.com/advisory/ntap-20210720-0003/ | Third Party Advisory |
https://sites.google.com/view/syzscope/warning-in-xfrm_state_fini-2 | Exploit Third Party Advisory |
https://syzkaller.appspot.com/bug?id=f99edaeec58ad40380ed5813d89e205861be2896 | Exploit Mailing List Third Party Advisory |
History
29 Apr 2022, 17:31
Type | Values Removed | Values Added |
---|---|---|
References | | |
First Time | Netapp h410c, Netapp h700s, Netapp, Netapp h500e Firmware, Netapp h300e Firmware, Netapp h500s Firmware, Netapp h300s Firmware, Netapp fas 8700 Firmware, Netapp h500e, Netapp aff A400, Netapp fabric-attached Storage A400 Firmware, Netapp h700e, Netapp solidfire & Hci Management Node, Netapp aff 8300 Firmware, Netapp aff 8700 Firmware, Netapp h300e, Netapp fas 8300, Netapp h410s, Netapp h610c Firmware, Netapp h410s Firmware, Netapp h410c Firmware, Netapp h610s, Netapp fas 8300 Firmware, Netapp h700e Firmware, Netapp fabric-attached Storage A400, Netapp solidfire Baseboard Management Controller Firmware, Netapp fas 8700, Netapp aff 8700, Netapp cloud Backup, Netapp h615c Firmware, Netapp h700s Firmware, Netapp aff A400 Firmware, Netapp aff 8300, Netapp aff A700s Firmware, Netapp h615c, Netapp aff A700s, Netapp h610s Firmware, Netapp h500s, Netapp h610c, Netapp h300s, Netapp solidfire Baseboard Management Controller | |
CPE | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:* |
15 Jun 2021, 13:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : 4.6, v3 : 7.8 |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399 - Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19 - Mailing List, Release Notes, Vendor Advisory | |
References | (MISC) https://sites.google.com/view/syzscope/warning-in-xfrm_state_fini-2 - Exploit, Third Party Advisory | |
References | (MISC) https://syzkaller.appspot.com/bug?id=f99edaeec58ad40380ed5813d89e205861be2896 - Exploit, Mailing List, Third Party Advisory |
07 Jun 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-07 20:15
Updated : 2023-12-10 13:55
NVD link : CVE-2019-25045
Mitre link : CVE-2019-25045
CVE.ORG link : CVE-2019-25045
Products Affected
netapp
- h700s_firmware
- aff_8300
- h610c_firmware
- h410s
- h615c_firmware
- aff_8300_firmware
- h500e_firmware
- cloud_backup
- solidfire_\&_hci_management_node
- fas_8700
- fabric-attached_storage_a400_firmware
- fas_8700_firmware
- h500e
- aff_a700s
- solidfire_baseboard_management_controller_firmware
- fabric-attached_storage_a400
- h615c
- h700e_firmware
- h300s
- h700s
- h610s_firmware
- h610c
- h300e
- aff_8700
- h700e
- h410s_firmware
- h500s
- fas_8300_firmware
- aff_a400_firmware
- h300s_firmware
- h410c
- h500s_firmware
- h300e_firmware
- aff_a700s_firmware
- aff_8700_firmware
- h610s
- fas_8300
- aff_a400
- h410c_firmware
- solidfire_baseboard_management_controller
linux
- linux_kernel
CWE
CWE-416
Use After Free