CVE-2019-10125

Sažetak

An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.

Reference

https://patchwork.kernel.org/patch/10828359/
http://www.securityfocus.com/bid/107655
https://security.netapp.com/advisory/ntap-20190411-0003/
https://support.f5.com/csp/article/K29215970

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

02-06-2021 - 15:25

Objavljeno

27-03-2019 - 06:29