Bug 1786179 (CVE-2019-19770)
Summary: | CVE-2019-19770 kernel: use-after-free in debugfs_remove in fs/debugfs/inode.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, airlied, bdettelb, bhu, blc, brdeoliv, bskeggs, dchinner, dhoward, dvlasenk, esammons, esandeen, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, qzhao, rkeshri, rt-maint, rvrbovsk, sgrubb, steved, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | Flags: | rkeshri:
needinfo+
|
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-04 02:23:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1890029, 1786181, 1816556, 1816557, 1816558, 1816559, 1816560, 1890026, 1890027, 1890028, 1890030 | ||
Bug Blocks: | 1786180 |
Description
Guilherme de Almeida Suckevicz
2019-12-23 18:08:49 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1786181] https://lore.kernel.org/linux-fsdevel/20200402000002.7442-1-mcgrof@kernel.org/T/#mc62cc15324d1da505c6a9c50e3363f4d20537d45 Looks like it's just a blktrace bug, not a critical security problem: "We there would like to contend CVE-2019-19770 as invalid. The implications suggested are not correct, and this issue is only triggerable with root, by shooting yourself on the foot by misuing blktrace." -Dave. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19770 |