CVE-2019-19770

In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace

Published: Dec 12, 2019
Updated: Nov 8, 2023
CVE: CVE-2019-19770
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	4.19.83.x

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html
https://bugzilla.kernel.org/show_bug.cgi?id=205713
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
https://lore.kernel.org/linux-block/[email protected]/
https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/
https://security.netapp.com/advisory/ntap-20200103-0001/

Vulnerability Database

290,020

CVE-2019-19770