Lucene search

[email protected]CVE-2019-25044

HistoryMay 14, 2021 - 11:15 p.m.

CVE-2019-25044

2021-05-1423:15:00

CWE-416

[email protected]

web.nvd.nist.gov

linux

kernel

cve-2019-25044

use-after-free

vulnerability

blk_mq_free_rqs

blk_cleanup_queue

privilege escalation

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

52.1%

JSON

The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq5.2
netapp:cloud_backupnetapp cloud backupeq-
netapp:solidfire_\&_hci_management_nodenetapp solidfire \& hci management nodeeq-
netapp:solidfire_baseboard_management_controller_firmwarenetapp solidfire baseboard management controller firmwareeq-
netapp:h300s_firmwarenetapp h300s firmwareeq-
netapp:h500s_firmwarenetapp h500s firmwareeq-
netapp:h700s_firmwarenetapp h700s firmwareeq-
netapp:h300e_firmwarenetapp h300e firmwareeq-
netapp:h500e_firmwarenetapp h500e firmwareeq-
netapp:h700e_firmwarenetapp h700e firmwareeq-

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	5.2
netapp:cloud_backup	netapp cloud backup	eq	-
netapp:solidfire_\&_hci_management_node	netapp solidfire \& hci management node	eq	-
netapp:solidfire_baseboard_management_controller_firmware	netapp solidfire baseboard management controller firmware	eq	-
netapp:h300s_firmware	netapp h300s firmware	eq	-
netapp:h500s_firmware	netapp h500s firmware	eq	-
netapp:h700s_firmware	netapp h700s firmware	eq	-
netapp:h300e_firmware	netapp h300e firmware	eq	-
netapp:h500e_firmware	netapp h500e firmware	eq	-
netapp:h700e_firmware	netapp h700e firmware	eq	-

Rows per page:

1-10 of 121

References

cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3e2219216c92919a6bd1711f340f5faa98695e6

security.netapp.com/advisory/ntap-20210629-0006/

sites.google.com/view/syzscope/kasan-use-after-free-read-in-blk_mq_free_rqs

syzkaller.appspot.com/bug?id=36fe241584203cf394d44560a42e3430434f1213

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for CVE-2019-25044

prion1 ubuntucve1 f51 debiancve1 osv1 redhatcve1