Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-19770 (GCVE-0-2019-19770)
Vulnerability from cvelistv5 – Published: 2019-12-12 19:39 – Updated: 2024-08-05 02:25 Disputed
VLAI?
EPSS
Summary
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205713"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/"
},
{
"name": "openSUSE-SU-2020:0543",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-10T23:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205713"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/"
},
{
"name": "openSUSE-SU-2020:0543",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=205713",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205713"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200103-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
},
{
"name": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/",
"refsource": "MISC",
"url": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/"
},
{
"name": "openSUSE-SU-2020:0543",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19770",
"datePublished": "2019-12-12T19:39:10.000Z",
"dateReserved": "2019-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:25:12.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2020-AVI-241
Vulnerability from certfr_avis - Published: 2020-04-24 - Updated: 2020-04-24
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11669",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11669"
},
{
"name": "CVE-2020-11494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11494"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-3701",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3701"
},
{
"name": "CVE-2019-19770",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19770"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8834",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8834"
},
{
"name": "CVE-2019-19768",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19768"
}
],
"initial_release_date": "2020-04-24T00:00:00",
"last_revision_date": "2020-04-24T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-241",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20201084-1 du 23 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201084-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20201085-1 du 23 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201085-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20201087-1 du 23 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201087-1/"
}
]
}
CERTFR-2020-AVI-242
Vulnerability from certfr_avis - Published: 2020-04-28 - Updated: 2020-04-28
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11669",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11669"
},
{
"name": "CVE-2020-11494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11494"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2019-3701",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3701"
},
{
"name": "CVE-2019-19770",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19770"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8834",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8834"
},
{
"name": "CVE-2019-19768",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19768"
}
],
"initial_release_date": "2020-04-28T00:00:00",
"last_revision_date": "2020-04-28T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-242",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20201118-1 du 27 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201118-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20201119-1 du 27 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201119-1/"
}
]
}
CERTFR-2020-AVI-710
Vulnerability from certfr_avis - Published: 2020-11-04 - Updated: 2020-11-04
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian 8 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems 8 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 8 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV 8 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 8 x86_64 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux for Power, little endian 8 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 8 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 8 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 8 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19533"
},
{
"name": "CVE-2019-18809",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18809"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2020-12659",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12659"
},
{
"name": "CVE-2020-10774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10774"
},
{
"name": "CVE-2019-19543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19543"
},
{
"name": "CVE-2019-9455",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9455"
},
{
"name": "CVE-2019-19072",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19072"
},
{
"name": "CVE-2020-25661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25661"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-19319",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19319"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-12655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12655"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2020-24490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24490"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2019-15925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15925"
},
{
"name": "CVE-2020-25662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25662"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-0305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0305"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19056"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-19770",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19770"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-19068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19068"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2020-25641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25641"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
}
],
"initial_release_date": "2020-11-04T00:00:00",
"last_revision_date": "2020-11-04T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-710",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2020:4685 du 4 novembre 2020",
"url": "https://access.redhat.com/errata/RHSA-2020:4685"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2020:4686 du 4 novembre 2020",
"url": "https://access.redhat.com/errata/RHSA-2020:4686"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2020:4609 du 4 novembre 2020",
"url": "https://access.redhat.com/errata/RHSA-2020:4609"
}
]
}
CERTFR-2021-AVI-006
Vulnerability from certfr_avis - Published: 2021-01-06 - Updated: 2021-01-06
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-28974",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28974"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2020-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4788"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2020-12912",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12912"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2019-19770",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19770"
},
{
"name": "CVE-2020-25668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25668"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
},
{
"name": "CVE-2019-0148",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0148"
},
{
"name": "CVE-2020-29534",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29534"
},
{
"name": "CVE-2020-27675",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27675"
},
{
"name": "CVE-2020-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0423"
}
],
"initial_release_date": "2021-01-06T00:00:00",
"last_revision_date": "2021-01-06T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-006",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4678-1 du 6 janvier 2021",
"url": "https://ubuntu.com/security/notices/USN-4678-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4679-1 du 6 janvier 2021",
"url": "https://ubuntu.com/security/notices/USN-4679-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4681-1 du 6 janvier 2021",
"url": "https://ubuntu.com/security/notices/USN-4681-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4680-1 du 6 janvier 2021",
"url": "https://ubuntu.com/security/notices/USN-4680-1"
}
]
}
CERTFR-2020-AVI-256
Vulnerability from certfr_avis - Published: 2020-04-30 - Updated: 2020-04-30
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11669",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11669"
},
{
"name": "CVE-2020-11494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11494"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-3701",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3701"
},
{
"name": "CVE-2019-19770",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19770"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8834",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8834"
},
{
"name": "CVE-2019-19768",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19768"
}
],
"initial_release_date": "2020-04-30T00:00:00",
"last_revision_date": "2020-04-30T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-256",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2020:1146-1 du 30 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201146-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2020:1141-1 du 30 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201141-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2020:1142-1 du 30 avril 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201142-1/"
}
]
}
cve-2019-19770
Vulnerability from osv_almalinux
Published
2020-11-03 12:03
Modified
2021-08-11 08:54
Summary
Moderate: kernel security, bug fix, and enhancement update
Details
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: use after free in the video driver leads to local privilege escalation (CVE-2019-9458)
-
kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)
-
kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)
-
kernel: memory leak in ccp_run_sha_cmd() (CVE-2019-18808)
-
kernel: Denial Of Service in the __ipmi_bmc_register() (CVE-2019-19046)
-
kernel: out-of-bounds write in ext4_xattr_set_entry (CVE-2019-19319)
-
Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)
-
kernel: use-after-free in ext4_put_super (CVE-2019-19447)
-
kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)
-
kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)
-
kernel: use-after-free in serial_ir_init_module() (CVE-2019-19543)
-
kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (CVE-2019-19767)
-
kernel: use-after-free in debugfs_remove (CVE-2019-19770)
-
kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)
-
kernel: possible use-after-free due to a race condition in cdev_get (CVE-2020-0305)
-
kernel: out-of-bounds read in in vc_do_resize function (CVE-2020-8647)
-
kernel: use-after-free in n_tty_receive_buf_common function (CVE-2020-8648)
-
kernel: invalid read location in vgacon_invert_region function (CVE-2020-8649)
-
kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)
-
kernel: SELinux netlink permission check bypass (CVE-2020-10751)
-
kernel: out-of-bounds write in mpol_parse_str (CVE-2020-11565)
-
kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)
-
kernel: buffer overflow in mt76_add_fragment function (CVE-2020-12465)
-
kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)
-
kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)
-
kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)
-
kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)
-
kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)
-
kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)
-
kernel: null pointer dereference in dlpar_parse_cc_property (CVE-2019-12614)
-
kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)
-
kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)
-
kernel: memory leak in af9005_identify_state() function (CVE-2019-18809)
-
kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function (CVE-2019-19056)
-
kernel: memory leak in the crypto_report() function (CVE-2019-19062)
-
kernel: Two memory leaks in the rtl_usb_probe() function (CVE-2019-19063)
-
kernel: A memory leak in the rtl8xxxu_submit_int_urb() function (CVE-2019-19068)
-
kernel: A memory leak in the predicate_parse() function (CVE-2019-19072)
-
kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c (CVE-2019-19533)
-
kernel: Null pointer dereference in drop_sysctl_table() (CVE-2019-20054)
-
kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)
-
kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)
-
kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)
-
kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-tools-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-240.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: use after free in the video driver leads to local privilege escalation (CVE-2019-9458)\n\n* kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)\n\n* kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)\n\n* kernel: memory leak in ccp_run_sha_cmd() (CVE-2019-18808)\n\n* kernel: Denial Of Service in the __ipmi_bmc_register() (CVE-2019-19046)\n\n* kernel: out-of-bounds write in ext4_xattr_set_entry (CVE-2019-19319)\n\n* Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)\n\n* kernel: use-after-free in ext4_put_super (CVE-2019-19447)\n\n* kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)\n\n* kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)\n\n* kernel: use-after-free in serial_ir_init_module() (CVE-2019-19543)\n\n* kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (CVE-2019-19767)\n\n* kernel: use-after-free in debugfs_remove (CVE-2019-19770)\n\n* kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)\n\n* kernel: possible use-after-free due to a race condition in cdev_get (CVE-2020-0305)\n\n* kernel: out-of-bounds read in in vc_do_resize function (CVE-2020-8647)\n\n* kernel: use-after-free in n_tty_receive_buf_common function (CVE-2020-8648)\n\n* kernel: invalid read location in vgacon_invert_region function (CVE-2020-8649)\n\n* kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)\n\n* kernel: SELinux netlink permission check bypass (CVE-2020-10751)\n\n* kernel: out-of-bounds write in mpol_parse_str (CVE-2020-11565)\n\n* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n* kernel: buffer overflow in mt76_add_fragment function (CVE-2020-12465)\n\n* kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data coruption (CVE-2020-12659)\n\n* kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)\n\n* kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)\n\n* kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)\n\n* kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)\n\n* kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)\n\n* kernel: null pointer dereference in dlpar_parse_cc_property (CVE-2019-12614)\n\n* kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)\n\n* kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)\n\n* kernel: memory leak in af9005_identify_state() function (CVE-2019-18809)\n\n* kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function (CVE-2019-19056)\n\n* kernel: memory leak in the crypto_report() function (CVE-2019-19062)\n\n* kernel: Two memory leaks in the rtl_usb_probe() function (CVE-2019-19063)\n\n* kernel: A memory leak in the rtl8xxxu_submit_int_urb() function (CVE-2019-19068)\n\n* kernel: A memory leak in the predicate_parse() function (CVE-2019-19072)\n\n* kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c (CVE-2019-19533)\n\n* kernel: Null pointer dereference in drop_sysctl_table() (CVE-2019-20054)\n\n* kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)\n\n* kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)\n\n* kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)\n\n* kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)",
"id": "ALSA-2020:4431",
"modified": "2021-08-11T08:54:00Z",
"published": "2020-11-03T12:03:57Z",
"references": [
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-12614"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-15917"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-15925"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-16231"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-16233"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-18808"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-18809"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19046"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19056"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19062"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19063"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19068"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19072"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19319"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19332"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19447"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19524"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19533"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19537"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19543"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19602"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19767"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19770"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-20054"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-20636"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9455"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-9458"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-0305"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-0444"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-10732"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-10751"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-10773"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-10774"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-10942"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-11565"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-11668"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12465"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12655"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12659"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12770"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12826"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-14381"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25641"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-8647"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-8648"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-8649"
}
],
"related": [
"CVE-2019-9458",
"CVE-2019-15917",
"CVE-2019-15925",
"CVE-2019-18808",
"CVE-2019-19046",
"CVE-2019-19319",
"CVE-2019-19332",
"CVE-2019-19447",
"CVE-2019-19524",
"CVE-2019-19537",
"CVE-2019-19543",
"CVE-2019-19767",
"CVE-2019-19770",
"CVE-2019-20636",
"CVE-2020-0305",
"CVE-2020-8647",
"CVE-2020-8648",
"CVE-2020-8649",
"CVE-2020-10732",
"CVE-2020-10751",
"CVE-2020-11565",
"CVE-2020-11668",
"CVE-2020-12465",
"CVE-2020-12659",
"CVE-2020-12770",
"CVE-2020-12826",
"CVE-2020-14381",
"CVE-2020-25641",
"CVE-2019-9455",
"CVE-2019-12614",
"CVE-2019-16231",
"CVE-2019-16233",
"CVE-2019-18809",
"CVE-2019-19056",
"CVE-2019-19062",
"CVE-2019-19063",
"CVE-2019-19068",
"CVE-2019-19072",
"CVE-2019-19533",
"CVE-2019-20054",
"CVE-2020-10773",
"CVE-2020-10774",
"CVE-2020-10942",
"CVE-2020-12655"
],
"summary": "Moderate: kernel security, bug fix, and enhancement update"
}
CVE-2019-19770
Vulnerability from fstec - Published: 11.12.2019
VLAI Severity ?
Title
Уязвимость функции debugfs_remove ядра операционной системы Linux, связанная с использованием области памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Description
Уязвимость функции debugfs_remove ядра операционной системы Linux связана с использованием области памяти после её освобождения. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., АО «ИВК», АО "НППКТ"
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Suse Linux Enterprise Desktop, SUSE Linux Enterprise, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Linux
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 12 SP4 (Suse Linux Enterprise Desktop), Server 12 SP1 LTSS (SUSE Linux Enterprise), Server 12 SP2 LTSS (SUSE Linux Enterprise), High Performance Computing 12 (SUSE Linux Enterprise), Module for Basesystem 15 GA (SUSE Linux Enterprise), Server 12 SP4 (SUSE Linux Enterprise), Server for SAP Applications 12 SP2 (SUSE Linux Enterprise), Server for SAP Applications 12 SP4 (SUSE Linux Enterprise), Server 12 SP5 (SUSE Linux Enterprise), Server for SAP Applications 12 SP3 (SUSE Linux Enterprise), Server for SAP Applications 12 SP5 (SUSE Linux Enterprise), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), Module for Basesystem 15 SP1 (SUSE Linux Enterprise), Module for Development Tools 15 GA (SUSE Linux Enterprise), Module for Development Tools 15 SP1 (SUSE Linux Enterprise), Server 12 SP3 LTSS (SUSE Linux Enterprise), Server 11 SP4 LTSS (SUSE Linux Enterprise), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), - (Альт 8 СП), до 2.4 (ОСОН ОСнова Оnyx), от 4.20 до 5.4.58 включительно (Linux), от 5.5 до 5.7.15 включительно (Linux), от 5.8.0 до 5.8.1 включительно (Linux), от 4.15 до 4.19.155 включительно (Linux), от 4.11 до 4.14.204 включительно (Linux)
Possible Mitigations
Использование рекомендаций:
Для Linux:
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.205
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.59
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.16
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
Для SUSE Linux:
использование рекомендаций производителя https://www.suse.com/security/cve/CVE-2019-19770/
Для ОСОН Основа:
Обновление программного обеспечения linux до версии 5.14.9-2.osnova179.1
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1904471
https://bugzilla.kernel.org/show_bug.cgi?id=205713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19770
https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux-next.git/commit/?h=20200401-blktrace-fix-uaf&id=f8b5f8a51356fbb8e0c46e0bf5f9bcba4e49427c
https://github.com/mcgrof/break-blktrace
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.205
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.59
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.16
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/
https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/
https://lore.kernel.org/linux-block/20200419194529.4872-1-mcgrof@kernel.org/
https://lore.kernel.org/linux-block/20200516031956.2605-1-mcgrof@kernel.org/
https://lore.kernel.org/lkml/20200206111052.45356-1-yukuai3@huawei.com/
https://nvd.nist.gov/vuln/detail/CVE-2019-19770
https://security.netapp.com/advisory/ntap-20200103-0001/
https://security-tracker.debian.org/tracker/CVE-2019-19770
https://syzkaller.appspot.com/bug?extid=903b72a010ad6b7a40f2
https://ubuntu.com/security/notices/USN-4680-1
https://usn.ubuntu.com/usn/usn-4680-1
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
https://www.cve.org/CVERecord?id=CVE-2019-19770
https://www.suse.com/security/cve/CVE-2019-19770/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4/
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 12 SP4 (Suse Linux Enterprise Desktop), Server 12 SP1 LTSS (SUSE Linux Enterprise), Server 12 SP2 LTSS (SUSE Linux Enterprise), High Performance Computing 12 (SUSE Linux Enterprise), Module for Basesystem 15 GA (SUSE Linux Enterprise), Server 12 SP4 (SUSE Linux Enterprise), Server for SAP Applications 12 SP2 (SUSE Linux Enterprise), Server for SAP Applications 12 SP4 (SUSE Linux Enterprise), Server 12 SP5 (SUSE Linux Enterprise), Server for SAP Applications 12 SP3 (SUSE Linux Enterprise), Server for SAP Applications 12 SP5 (SUSE Linux Enterprise), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), Module for Basesystem 15 SP1 (SUSE Linux Enterprise), Module for Development Tools 15 GA (SUSE Linux Enterprise), Module for Development Tools 15 SP1 (SUSE Linux Enterprise), Server 12 SP3 LTSS (SUSE Linux Enterprise), Server 11 SP4 LTSS (SUSE Linux Enterprise), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.4 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 4.20 \u0434\u043e 5.4.58 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.5 \u0434\u043e 5.7.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.8.0 \u0434\u043e 5.8.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.155 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.11 \u0434\u043e 4.14.204 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.205\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.59\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.16\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\n\n\u0414\u043b\u044f SUSE Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f https://www.suse.com/security/cve/CVE-2019-19770/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.14.9-2.osnova179.1\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.12.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.01.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-00347",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-19770",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Suse Linux Enterprise Desktop, SUSE Linux Enterprise, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server 12 SP1 LTSS , Novell Inc. SUSE Linux Enterprise Server 12 SP2 LTSS , Novell Inc. SUSE Linux Enterprise High Performance Computing 12 , Novell Inc. SUSE Linux Enterprise Module for Basesystem 15 GA , Novell Inc. SUSE Linux Enterprise Server 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. SUSE Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. SUSE Linux Enterprise Module for Basesystem 15 SP1 , Novell Inc. SUSE Linux Enterprise Module for Development Tools 15 GA , Novell Inc. SUSE Linux Enterprise Module for Development Tools 15 SP1 , Novell Inc. SUSE Linux Enterprise Server 12 SP3 LTSS , Novell Inc. SUSE Linux Enterprise Server 11 SP4 LTSS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 4.19.83 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 debugfs_remove \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 debugfs_remove \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html\nhttps://bugs.launchpad.net/ubuntu/+source/linux/+bug/1904471\nhttps://bugzilla.kernel.org/show_bug.cgi?id=205713\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19770\nhttps://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux-next.git/commit/?h=20200401-blktrace-fix-uaf\u0026id=f8b5f8a51356fbb8e0c46e0bf5f9bcba4e49427c\nhttps://github.com/mcgrof/break-blktrace\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.205\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.59\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.16\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.2\nhttps://lists.debian.org/debian-lts-announce/2020/12/msg00015.html\nhttps://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/\nhttps://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/\nhttps://lore.kernel.org/linux-block/20200419194529.4872-1-mcgrof@kernel.org/\nhttps://lore.kernel.org/linux-block/20200516031956.2605-1-mcgrof@kernel.org/\nhttps://lore.kernel.org/lkml/20200206111052.45356-1-yukuai3@huawei.com/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19770\nhttps://security.netapp.com/advisory/ntap-20200103-0001/\nhttps://security-tracker.debian.org/tracker/CVE-2019-19770\nhttps://syzkaller.appspot.com/bug?extid=903b72a010ad6b7a40f2\nhttps://ubuntu.com/security/notices/USN-4680-1\nhttps://usn.ubuntu.com/usn/usn-4680-1\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.cve.org/CVERecord?id=CVE-2019-19770\nhttps://www.suse.com/security/cve/CVE-2019-19770/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,2)"
}
GSD-2019-19770
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-19770",
"description": "** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace.",
"id": "GSD-2019-19770",
"references": [
"https://www.suse.com/security/cve/CVE-2019-19770.html",
"https://access.redhat.com/errata/RHSA-2020:4609",
"https://access.redhat.com/errata/RHSA-2020:4431",
"https://ubuntu.com/security/CVE-2019-19770",
"https://alas.aws.amazon.com/cve/html/CVE-2019-19770.html",
"https://linux.oracle.com/cve/CVE-2019-19770.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-19770"
],
"details": "** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace.",
"id": "GSD-2019-19770",
"modified": "2023-12-13T01:23:53.608369Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=205713",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205713"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200103-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
},
{
"name": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/",
"refsource": "MISC",
"url": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/"
},
{
"name": "openSUSE-SU-2020:0543",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E848931-EC49-4268-93CE-9D9F7F2E3B54",
"versionEndIncluding": "4.19.83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace"
},
{
"lang": "es",
"value": "** EN DISPUTA ** En el kernel de Linux versi\u00f3n 4.19.83, presenta un uso de la memoria previamente liberada en la funci\u00f3n debugfs_remove en el archivo fs/debugfs/inode.c (que se usa para eliminar un archivo o directorio en debugfs que se cre\u00f3 previamente con una llamada a otra funci\u00f3n debugfs como debugfs_create_file). NOTA: Los desarrolladores del kernel de Linux disputan este problema como no un problema con debugfs, sino que es un problema con el mal uso de debugfs dentro de blktrace."
}
],
"id": "CVE-2019-19770",
"lastModified": "2024-04-11T01:05:03.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-12T20:15:17.787",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205713"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
FKIE_CVE-2019-19770
Vulnerability from fkie_nvd - Published: 2019-12-12 20:15 - Updated: 2024-11-21 04:35
Severity ?
Summary
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E848931-EC49-4268-93CE-9D9F7F2E3B54",
"versionEndIncluding": "4.19.83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace"
},
{
"lang": "es",
"value": "** EN DISPUTA ** En el kernel de Linux versi\u00f3n 4.19.83, presenta un uso de la memoria previamente liberada en la funci\u00f3n debugfs_remove en el archivo fs/debugfs/inode.c (que se usa para eliminar un archivo o directorio en debugfs que se cre\u00f3 previamente con una llamada a otra funci\u00f3n debugfs como debugfs_create_file). NOTA: Los desarrolladores del kernel de Linux disputan este problema como no un problema con debugfs, sino que es un problema con el mal uso de debugfs dentro de blktrace."
}
],
"id": "CVE-2019-19770",
"lastModified": "2024-11-21T04:35:21.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-12T20:15:17.787",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205713"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200103-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-6XFG-823W-W33F
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2024-03-21 03:33
VLAI?
Details
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file).
Severity ?
8.2 (High)
{
"affected": [],
"aliases": [
"CVE-2019-19770"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-12T20:15:00Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file).",
"id": "GHSA-6xfg-823w-w33f",
"modified": "2024-03-21T03:33:47Z",
"published": "2022-05-24T17:03:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19770"
},
{
"type": "WEB",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205713"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200103-0001"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CNVD-2019-45883
Vulnerability from cnvd - Published: 2019-12-16
VLAI Severity ?
Title
Linux kernel内存错误引用漏洞(CNVD-2019-45883)
Description
Linux kernel是一种计算机操作系统内核,以C语言和汇编语言写成,符合POSIX标准,按GNU通用公共许可证发行。
Linux kernel 4.19.83版本存在释放后重用漏洞。攻击者可利用该漏洞导致拒绝服务。
Severity
低
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.kernel.org/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-19770
Impacted products
| Name | Linux Linux kernel 4.19.83 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-19770",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-19770"
}
},
"description": "Linux kernel\u662f\u4e00\u79cd\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u5185\u6838\uff0c\u4ee5C\u8bed\u8a00\u548c\u6c47\u7f16\u8bed\u8a00\u5199\u6210\uff0c\u7b26\u5408POSIX\u6807\u51c6\uff0c\u6309GNU\u901a\u7528\u516c\u5171\u8bb8\u53ef\u8bc1\u53d1\u884c\u3002\n\nLinux kernel 4.19.83\u7248\u672c\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.kernel.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-45883",
"openTime": "2019-12-16",
"products": {
"product": "Linux Linux kernel 4.19.83"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-19770",
"serverity": "\u4f4e",
"submitTime": "2019-12-13",
"title": "Linux kernel\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2019-45883\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…