Red Hat OpenShift: CVE-2019-19768: kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Dec 12, 2019 | Dec 29, 2020 | Apr 11, 2025 |
Description
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
Solution
linuxrpm-upgrade-redhat-coreos
References
- CVE-2019-19768
- https://attackerkb.com/topics/CVE-2019-19768
- REDHAT-RHSA-2020:1567
- REDHAT-RHSA-2020:1769
- REDHAT-RHSA-2020:1966
- REDHAT-RHSA-2020:2082
- REDHAT-RHSA-2020:2085
- REDHAT-RHSA-2020:2104
- REDHAT-RHSA-2020:2199
- REDHAT-RHSA-2020:2203
- REDHAT-RHSA-2020:2214
- REDHAT-RHSA-2020:2242
- REDHAT-RHSA-2020:2277
- REDHAT-RHSA-2020:2285
- REDHAT-RHSA-2020:2289
- REDHAT-RHSA-2020:2291
- REDHAT-RHSA-2020:2519
- REDHAT-RHSA-2020:2522
