A use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability. Reference: https://bugzilla.kernel.org/show_bug.cgi?id=205713 https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1786181]
https://lore.kernel.org/linux-fsdevel/20200402000002.7442-1-mcgrof@kernel.org/T/#mc62cc15324d1da505c6a9c50e3363f4d20537d45 Looks like it's just a blktrace bug, not a critical security problem: "We there would like to contend CVE-2019-19770 as invalid. The implications suggested are not correct, and this issue is only triggerable with root, by shooting yourself on the foot by misuing blktrace." -Dave.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19770