The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Netapp
  • H700s
  • H700e
  • H410c
  • H410s Firmware
  • H500s
  • Solidfire Baseboard Management Controller Firmware
  • H500s Firmware
  • H300s Firmware
  • H300e Firmware
  • H700s Firmware
  • Cloud Backup
  • Solidfire Baseboard Management Controller
  • H500e
  • H410c Firmware
  • H700e Firmware
  • H300e
  • H300s
  • H410s
  • H500e Firmware
  • Solidfire \& Hci Management Node
Linux
  • Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:5.2:rc3:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
References
Link Resource
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3e2219216c92919a6bd1711f340f5faa98695e6 Mailing List Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20210629-0006/ Third Party Advisory
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-blk_mq_free_rqs Third Party Advisory
https://syzkaller.appspot.com/bug?id=36fe241584203cf394d44560a42e3430434f1213 Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-14T22:57:29

Updated: 2021-06-29T09:06:25

Reserved: 2021-05-14T00:00:00

Link: CVE-2019-25044

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-05-14T23:15:07.507

Modified: 2023-01-24T02:01:08.940

Link: CVE-2019-25044

JSON object: View

cve-icon Redhat Information

No data.

CWE