Vulnerability Description
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c, which is used to remove a file or directory in debugfs that was previously created by another debugfs call such as debugfs_create_file. NOTE: Linux kernel developers dispute this as a debugfs issue; they attribute it to misuse of debugfs within blktrace, so the fix belongs in the blktrace code rather than in debugfs, and only systems where blktrace is used are exposed.
CVSS Score
8.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 4.19.83 |
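The table gives only an upstream version bound, and the dispute note above says the bug lives in blktrace's use of debugfs. The following POSIX sh triage helper is an added example for this page, not part of the advisory or of any kernel tooling: it compares a running kernel version numerically against the 4.19.83 bound from the table and reports whether the debugfs and blktrace surface is present. The paths `/proc/mounts` and `/sys/block/*/trace/enable` (blktrace's sysfs attributes) are assumed; version strings alone are indicative, since distributions backport fixes without changing the upstream version, so confirm against the vendor advisories in the references.

```sh
#!/bin/sh
# Added triage helper for CVE-2019-19770 (example code, not from the advisory).
# Upper bound taken from the Affected Products table above.
CVE_MAX_AFFECTED="4.19.83"

# kver_le A B: return 0 if kernel version A <= B, comparing each dotted
# component numerically (so 4.9.200 < 4.19.83, unlike a string compare).
# Distribution suffixes such as "-1-amd64" or "+" are stripped first, and
# missing components are treated as 0.
kver_le() {
    kv_a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//').0.0.0
    kv_b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//').0.0.0
    kv_i=1
    while [ "$kv_i" -le 4 ]; do
        kv_ca=$(printf '%s' "$kv_a" | cut -d. -f"$kv_i")
        kv_cb=$(printf '%s' "$kv_b" | cut -d. -f"$kv_i")
        kv_ca=${kv_ca:-0}
        kv_cb=${kv_cb:-0}
        if [ "$kv_ca" -lt "$kv_cb" ]; then return 0; fi
        if [ "$kv_ca" -gt "$kv_cb" ]; then return 1; fi
        kv_i=$((kv_i + 1))
    done
    return 0   # all four components equal
}

# version_affected VER: return 0 if VER falls inside the advisory's range.
version_affected() {
    kver_le "$1" "$CVE_MAX_AFFECTED"
}

# blktrace_surface_present: return 0 only if debugfs is mounted AND at
# least one block device exposes blktrace's sysfs control file. Both
# paths are assumptions about the host, not facts from the advisory.
blktrace_surface_present() {
    grep -q ' debugfs ' /proc/mounts 2>/dev/null || return 1
    for f in /sys/block/*/trace/enable; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# triage VER: print a one-line verdict for the given kernel version string.
triage() {
    if version_affected "$1"; then
        if blktrace_surface_present; then
            echo "kernel $1: version in range AND blktrace/debugfs surface present; check vendor advisory"
        else
            echo "kernel $1: version in range but no blktrace/debugfs surface found; exposure unlikely"
        fi
    else
        echo "kernel $1: version outside advisory range (> $CVE_MAX_AFFECTED)"
    fi
}

triage "$(uname -r 2>/dev/null || echo unknown)"
```

Run it as a plain script on the host being assessed; an "unknown" version string is treated as 0.0.0.0 and therefore reported as in range, which is the conservative choice for a triage tool.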
Related Weaknesses (CWE)
- CWE-416: Use After Free (the weakness class named in the description above)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html (Vendor Advisory, openSUSE)
- https://bugzilla.kernel.org/show_bug.cgi?id=205713 (Exploit, Issue Tracking, Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html (Vendor Advisory, Debian LTS)
- https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/ (upstream linux-block patch discussion)
- https://security.netapp.com/advisory/ntap-20200103-0001/ (Third Party Advisory)
FAQ
What is CVE-2019-19770?
CVE-2019-19770 is a vulnerability with a CVSS base score of 8.2 (HIGH). In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c, which is used to remove a file or directory in debugfs that was previously created by another debugfs call such as debugfs_create_file. Kernel developers dispute it as a debugfs issue and attribute it to misuse of debugfs within blktrace.
How severe is CVE-2019-19770?
CVE-2019-19770 is rated HIGH with a CVSS base score of 8.2/10; this page lists only the base score, not the individual metrics. Practical exposure is narrower than the score suggests: per the upstream dispute, the defect is triggered through blktrace's use of debugfs, so systems that never use blktrace are not exposed.
Is there a patch for CVE-2019-19770?
Yes. The linux-block posting on lore.kernel.org in the references carries the upstream fix discussion for blktrace, and the openSUSE, Debian LTS and NetApp advisories listed there cover distribution updates. Affected product: Linux Kernel (Linux), versions up to and including 4.19.83 per the table above.