CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS
Percentile
61.0%
DISPUTED In the Linux kernel 4.19.83, there is a use-after-free
(read) in the debugfs_remove function in fs/debugfs/inode.c (which is used
to remove a file or directory in debugfs that was previously created with a
call to another debugfs function such as debugfs_create_file). NOTE: Linux
kernel developers dispute this issue as not being an issue with debugfs,
instead this is an issue with misuse of debugfs within blktrace.
Author | Note |
---|---|
sbeattie | reproducer in github link according to kernel maintainer, needed commits are: (1b0b28364816) blktrace: break out of blktrace setup on concurrent calls (c3dbe541ef77) blktrace: Avoid sparse warnings when assigning q->blk_trace (a67549c8e568) blktrace: annotate required lock on do_blk_trace_setup() (bad8e64fb19d) blktrace: fix debugfs use after free (b431ef837e33) blktrace: ensure our debugfs dir exists |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1091.96 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1028.29 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1091.96~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-4.15 | < 4.15.0-1103.114 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp-4.15 | < 4.15.0-1091.104 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-5.4 | < 5.4.0-1031.32~18.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-hwe-5.4 | < 5.4.0-51.56~18.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux | < 4.15.0-129.132 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-51.56 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe | < 4.15.0-129.132~16.04.1 | UNKNOWN |
bugzilla.kernel.org/show_bug.cgi?id=205713
github.com/mcgrof/break-blktrace
launchpad.net/bugs/cve/CVE-2019-19770
lore.kernel.org/linux-block/[email protected]/
lore.kernel.org/linux-block/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2019-19770
security-tracker.debian.org/tracker/CVE-2019-19770
ubuntu.com/security/notices/USN-4680-1
www.cve.org/CVERecord?id=CVE-2019-19770
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS
Percentile
61.0%