CVE-2019-10125: Use After Free
First published: Wed Mar 27 2019(Updated: )
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=4.19<4.19.38 | |
| Linux Linux kernel | >=5.0<5.0.5 | |
| Linux Linux kernel | =5.1-rc1 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
| Netapp Hci Management Node | ||
| Netapp Snapprotect | ||
| Netapp Solidfire | ||
| Netapp Cn1610 Firmware | ||
| Netapp Cn1610 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-10125?
CVE-2019-10125 is a vulnerability discovered in aio_poll() in fs/aio.c in the Linux kernel through version 5.0.4, which can lead to a use-after-free when certain conditions are met.
How severe is CVE-2019-10125?
CVE-2019-10125 has a severity level of 9.8, which is considered critical.
Which software is affected by CVE-2019-10125?
The Linux kernel versions 4.19.38 to 5.0.4 and Netapp products such as Active IQ Unified Manager, HCI Management Node, Snapprotect, Solidfire, and CN1610 Firmware are affected by CVE-2019-10125.
How can I fix CVE-2019-10125?
To fix CVE-2019-10125, update your Linux kernel to version 5.0.5 or later, and apply any necessary patches provided by your vendor for Netapp products.
Where can I find more information about CVE-2019-10125?
You can find more information about CVE-2019-10125 at the following references: http://www.securityfocus.com/bid/107655, https://patchwork.kernel.org/patch/10828359/, and https://security.netapp.com/advisory/ntap-20190411-0003/
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/remedy
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.19
- version/linux linux kernel/5.0
- version/linux linux kernel/5.1-rc1
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- version/netapp active iq unified manager vmware vsphere/9.5
- canonical/netapp hci management node
- canonical/netapp snapprotect
- canonical/netapp solidfire
- canonical/netapp cn1610 firmware
- canonical/netapp cn1610