PT-2019-4489 · Linux+6 · Linux Kernel+6

Tristan Madani · Published 2019-01-29 · Updated 2024-08-05 · CVE-2019-19770

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel version 4.19.83

Description

The issue is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c, the function used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file. This can allow a remote attacker to access confidential data and cause a denial of service. However, Linux kernel developers dispute this issue, describing it not as a problem with debugfs itself but as a misuse of debugfs within blktrace.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2020:4431
ALT-PU-2019-1139
ALT-PU-2019-1363
ALT-PU-2019-3128
ALT-PU-2019-3138
ALT-PU-2020-1024
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2020-2659
ALT-PU-2020-2660
ALT-PU-2020-2695
ALT-PU-2020-2710
ALT-PU-2020-2726
ALT-PU-2020-2732
ALT-PU-2020-3057
ALT-PU-2021-1745
BDU:2020-00347
CESA-2020_4431
CESA-2020_4609
CVE-2019-19770
DLA-2483-1
OPENSUSE-SU-2020:0543-1
OPENSUSE-SU-2020_0543-1
RHSA-2020:4431
RHSA-2020:4609
RHSA-2020_4431
RHSA-2020_4609
SUSE-SU-2020:1084-1
SUSE-SU-2020:1085-1
SUSE-SU-2020:1087-1
SUSE-SU-2020:1118-1
SUSE-SU-2020:1119-1
SUSE-SU-2020:1123-1
SUSE-SU-2020:1141-1
SUSE-SU-2020:1142-1
SUSE-SU-2020:1146-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_1146-1
SUSE-SU-2020_1663-1
USN-4680-1

Affected Products

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu