QwikSec

Security Database

CVE

CWE

Training

CVE-2019-19770

Published: Dec 12, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.kernel.org/show_bug.cgi?id=205713

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20200103-0001/

x_refsource_CONFIRM

https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof%40kernel.org/

x_refsource_MISC

openSUSE-SU-2020:0543

vendor-advisory

x_refsource_SUSE

[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.