First published: Wed Sep 04 2019(Updated: )
A flaw was found in the allocate_trace_buffer in kernel/trace/trace.c in the debug subsystem, when failure to allocate a dynamic percpu area, a resource cleanup is called. The pointer (buf->buffer) still holds the address and is not set to NULL, which can cause a use-after-free problem, leading to a dangling pointer issue.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1127.8.2.rt56.1103.el7 | 0:3.10.0-1127.8.2.rt56.1103.el7 |
redhat/kernel | <0:3.10.0-1127.8.2.el7 | 0:3.10.0-1127.8.2.el7 |
redhat/kernel-alt | <0:4.14.0-115.21.2.el7a | 0:4.14.0-115.21.2.el7a |
redhat/kernel | <0:3.10.0-327.88.1.el7 | 0:3.10.0-327.88.1.el7 |
redhat/kernel | <0:3.10.0-514.76.1.el7 | 0:3.10.0-514.76.1.el7 |
redhat/kernel | <0:3.10.0-693.67.1.el7 | 0:3.10.0-693.67.1.el7 |
redhat/kernel | <0:3.10.0-957.54.1.el7 | 0:3.10.0-957.54.1.el7 |
redhat/kernel | <0:3.10.0-1062.26.1.el7 | 0:3.10.0-1062.26.1.el7 |
redhat/kernel-rt | <1:3.10.0-693.67.1.rt56.665.el6 | 1:3.10.0-693.67.1.rt56.665.el6 |
Linux Linux kernel | <4.14.11 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Linux Linux kernel | >=3.10<3.16.55 | |
Linux Linux kernel | >=3.17<3.18.91 | |
Linux Linux kernel | >=3.19<4.1.50 | |
Linux Linux kernel | >=4.2<4.4.109 | |
Linux Linux kernel | >=4.5<4.9.74 | |
Linux Linux kernel | >=4.10<4.14.11 |
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)