Vulnerability Details CVE-2019-10125
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.043
EPSS Ranking 88.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://www.securityfocus.com/bid/107655
- https://patchwork.kernel.org/patch/10828359/
- https://security.netapp.com/advisory/ntap-20190411-0003/
- https://support.f5.com/csp/article/K29215970
- http://www.securityfocus.com/bid/107655
- https://patchwork.kernel.org/patch/10828359/
- https://security.netapp.com/advisory/ntap-20190411-0003/
- https://support.f5.com/csp/article/K29215970
Products affected by CVE-2019-10125
-
cpe:2.3:a:netapp:active_iq_unified_manager:9.10
-
cpe:2.3:a:netapp:active_iq_unified_manager:9.5
-
cpe:2.3:a:netapp:active_iq_unified_manager:9.6
-
cpe:2.3:a:netapp:hci_management_node:-
-
cpe:2.3:a:netapp:snapprotect:-
-
cpe:2.3:a:netapp:solidfire:-
-
cpe:2.3:h:netapp:cn1610:-
-
cpe:2.3:o:linux:linux_kernel:4.19
-
cpe:2.3:o:linux:linux_kernel:4.19.1
-
cpe:2.3:o:linux:linux_kernel:4.19.10
-
cpe:2.3:o:linux:linux_kernel:4.19.11
-
cpe:2.3:o:linux:linux_kernel:4.19.12
-
cpe:2.3:o:linux:linux_kernel:4.19.13
-
cpe:2.3:o:linux:linux_kernel:4.19.14
-
cpe:2.3:o:linux:linux_kernel:4.19.15
-
cpe:2.3:o:linux:linux_kernel:4.19.16
-
cpe:2.3:o:linux:linux_kernel:4.19.17
-
cpe:2.3:o:linux:linux_kernel:4.19.18
-
cpe:2.3:o:linux:linux_kernel:4.19.19
-
cpe:2.3:o:linux:linux_kernel:4.19.2
-
cpe:2.3:o:linux:linux_kernel:4.19.20
-
cpe:2.3:o:linux:linux_kernel:4.19.21
-
cpe:2.3:o:linux:linux_kernel:4.19.22
-
cpe:2.3:o:linux:linux_kernel:4.19.23
-
cpe:2.3:o:linux:linux_kernel:4.19.24
-
cpe:2.3:o:linux:linux_kernel:4.19.25
-
cpe:2.3:o:linux:linux_kernel:4.19.26
-
cpe:2.3:o:linux:linux_kernel:4.19.26.1
-
cpe:2.3:o:linux:linux_kernel:4.19.27
-
cpe:2.3:o:linux:linux_kernel:4.19.28
-
cpe:2.3:o:linux:linux_kernel:4.19.29
-
cpe:2.3:o:linux:linux_kernel:4.19.3
-
cpe:2.3:o:linux:linux_kernel:4.19.30
-
cpe:2.3:o:linux:linux_kernel:4.19.31
-
cpe:2.3:o:linux:linux_kernel:4.19.32
-
cpe:2.3:o:linux:linux_kernel:4.19.33
-
cpe:2.3:o:linux:linux_kernel:4.19.34
-
cpe:2.3:o:linux:linux_kernel:4.19.35
-
cpe:2.3:o:linux:linux_kernel:4.19.36
-
cpe:2.3:o:linux:linux_kernel:4.19.37
-
cpe:2.3:o:linux:linux_kernel:4.19.4
-
cpe:2.3:o:linux:linux_kernel:4.19.5
-
cpe:2.3:o:linux:linux_kernel:4.19.6
-
cpe:2.3:o:linux:linux_kernel:4.19.7
-
cpe:2.3:o:linux:linux_kernel:4.19.8
-
cpe:2.3:o:linux:linux_kernel:4.19.9
-
cpe:2.3:o:linux:linux_kernel:5.0
-
cpe:2.3:o:linux:linux_kernel:5.0.1
-
cpe:2.3:o:linux:linux_kernel:5.0.2
-
cpe:2.3:o:linux:linux_kernel:5.0.3
-
cpe:2.3:o:linux:linux_kernel:5.0.4
-
cpe:2.3:o:linux:linux_kernel:5.1
-
cpe:2.3:o:netapp:cn1610_firmware:-