PT-2019-11588 · Linux+1 · Linux Kernel+1

Hou Tao

Published

2019-01-29

Updated

2021-06-02

CVE-2019-10125

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.0.4

Description: An issue was discovered in aio poll() in fs/aio.c. A file may be released by aio poll wake() if an expected event is triggered immediately, for example, by the close of a pair of pipes, after the return of vfs poll(), causing a use-after-free.

Recommendations: For Linux kernel versions through 5.0.4, update to a version later than 5.0.4 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2019-1139

ALT-PU-2019-1363

ALT-PU-2019-1552

ALT-PU-2019-1710

ALT-PU-2019-1765

CVE-2019-10125

Affected Products

Alt Linux

Linux Kernel

PT-2019-11588 · Linux+1 · Linux Kernel+1

CVE-2019-10125

Weakness Enumeration

Related Identifiers

Affected Products

References · 13