CVE-2019-10125
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
27/03/2019
Last modified:
02/06/2021
Description
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19 (including) | 4.19.38 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.0 (including) | 5.0.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* | 9.5 (including) | |
| cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page