Vulnerability Description
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.19, < 4.19.38 |
| NetApp | Active IQ Unified Manager | >= 9.5 |
| NetApp | HCI Management Node | - |
| NetApp | SnapProtect | - |
| NetApp | SolidFire | - |
| NetApp | CN1610 Firmware | - |
| NetApp | CN1610 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107655 (Third Party Advisory, VDB Entry)
- https://patchwork.kernel.org/patch/10828359/ (Exploit, Patch, Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20190411-0003/ (Third Party Advisory)
- https://support.f5.com/csp/article/K29215970 (Third Party Advisory)
FAQ
What is CVE-2019-10125?
CVE-2019-10125 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pa...
How severe is CVE-2019-10125?
CVE-2019-10125 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10125?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Kernel, NetApp Active IQ Unified Manager, NetApp HCI Management Node, NetApp SnapProtect, NetApp SolidFire.