An issue was discovered in the Linux kernel's implementation of Management Data Input/Output (MDIO) or SMI system. An attacker who is able to hot-plug a network device can trigger the function __mdiobus_register() in drivers/net/phy/mdio_bus.c, which calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service. While this function is also run during system boot with onboard networking hardware, exploiting the use-after-free during this narrow timeframe makes the exploit a non-trivial exercise.

Reference:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ff7b060535e87c2ae14dd8548512abfdda528fb
https://en.wikipedia.org/wiki/Management_Data_Input/Output
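The ownership pattern behind the description above, as an added user-space model that is not kernel code and not part of the original report: a registration error path that drops the caller's reference, followed by the caller's own cleanup. All names (`struct bus`, `bus_put`, `bus_register`, `init_bus`) are hypothetical, and placing the stale access in the caller's cleanup is an assumption of the model; a flag stands in for the actual free so the stale access can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a refcounted bus object (not the kernel's struct). */
struct bus {
    int refs;       /* reference count, as carried by an embedded device object */
    bool released;  /* set instead of calling free(), so misuse is observable */
};

static int stale_accesses;  /* accesses made after the object was released */

/* Drop one reference; the last put releases the object. */
static void bus_put(struct bus *b)
{
    if (b->released) {      /* touching a released object: the use-after-free */
        stale_accesses++;
        return;
    }
    if (--b->refs == 0)
        b->released = true; /* a real release callback would free memory here */
}

/* Registration that always fails, modelling the failing error path.
 * put_on_error selects whether the callee drops the caller's reference. */
static int bus_register(struct bus *b, bool put_on_error)
{
    if (put_on_error)
        bus_put(b);         /* callee releases an object it does not own */
    return -1;
}

/* Caller in the style of an init function: create, register, clean up on error.
 * Returns the number of stale accesses observed. */
static int init_bus(bool put_on_error)
{
    struct bus b = { .refs = 1, .released = false };

    stale_accesses = 0;
    if (bus_register(&b, put_on_error) != 0)
        bus_put(&b);        /* caller's own cleanup of the same object */
    return stale_accesses;
}

int main(void)
{
    printf("callee puts on error: %d stale access(es)\n", init_bus(true));
    printf("caller owns cleanup:  %d stale access(es)\n", init_bus(false));
    return 0;
}
```

When only one side of the call releases the object on failure, the stale access disappears and the object is still released exactly once.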
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1721969]
This issue was fixed for Fedora with the 4.20.17 stable update.
This flaw is rated as moderate, as the MDIO loading code will likely only be run in early boot; it would be a difficult flaw to exploit and would require the attacker to be able to run code at this time to groom the memory into place. I find it unlikely that this would be exploited on stationary servers, but it may be more of a problem when you can hotplug devices.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-12819