Vulnerabilities > CVE-2019-10125 - Use After Free vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
# Plugin listing metadata (as shown on the hosting page):
#   NASL family : PhotonOS Local Security Checks
#   NASL id     : PHOTONOS_PHSA-2019-3_0-0009_LIBSSH2.NASL
#   description : An update of the libssh2 package has been released.
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 126377
#   published   : 2019-07-02
#   reporter    : This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/126377
#   title       : Photon OS 3.0: Libssh2 PHSA-2019-3.0-0009
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2019-3.0-0009. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

# Description phase: register the plugin's metadata and requirements, then stop.
if (description)
{
  script_id(126377);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/07");

  script_cve_id(
    "CVE-2019-3856",
    "CVE-2019-3857",
    "CVE-2019-3858",
    "CVE-2019-3859",
    "CVE-2019-3860",
    "CVE-2019-3861",
    "CVE-2019-3862",
    "CVE-2019-3863"
  );

  script_name(english:"Photon OS 3.0: Libssh2 PHSA-2019-3.0-0009");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the libssh2 package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0009.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  # NOTE(review): the score source is CVE-2019-10125, which is not in this
  # plugin's script_cve_id() list. The severity shown for this libssh2 check
  # is therefore borrowed from another CVE (presumably the highest-scored one
  # in advisory PHSA-2019-3.0-0009 - confirm) rather than derived from the
  # libssh2 CVEs listed above. Triage libssh2 findings on their own CVEs.
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10125");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libssh2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Pre-flight gates: this is a local (package-inventory) check, so it only runs
# when the knowledge base already holds local-check data for the host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only Photon OS 3.0 hosts are in scope.
release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: anything other than x86_64 / i386-i686 is audited out as
# "not implemented", i.e. such hosts are not assessed by this plugin.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

# Reference package versions from the advisory, checked in the original order.
# rpm_check() is provided by rpm.inc (not shown here); presumably it flags an
# installed package that is older than the reference - confirm in rpm.inc.
fixed_pkgs = make_list(
  "libssh2-1.8.2-1.ph3",
  "libssh2-debuginfo-1.8.2-1.ph3",
  "libssh2-devel-1.8.2-1.ph3"
);

flag = 0;
foreach pkg (fixed_pkgs)
{
  if (rpm_check(release:"PhotonOS-3.0", reference:pkg)) flag++;
}

# At least one package matched: report at port 0 with the rpm report text.
if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Nothing flagged: say whether packages were tested or none were installed.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssh2");
# Plugin listing metadata (as shown on the hosting page):
#   NASL family : PhotonOS Local Security Checks
#   NASL id     : PHOTONOS_PHSA-2019-3_0-0009_LINUX.NASL
#   description : An update of the linux package has been released.
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 126378
#   published   : 2019-07-02
#   reporter    : This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/126378
#   title       : Photon OS 3.0: Linux PHSA-2019-3.0-0009
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2019-3.0-0009. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

# Description phase: register the plugin's metadata and requirements, then stop.
if (description)
{
  script_id(126378);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/07");

  # CVE-2019-10125 (the aio_poll() use-after-free) is one of the three kernel
  # CVEs this plugin covers.
  script_cve_id("CVE-2019-10124", "CVE-2019-10125", "CVE-2019-11811");

  script_name(english:"Photon OS 3.0: Linux PHSA-2019-3.0-0009");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the linux package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0009.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10125");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Pre-flight gates: this is a local (package-inventory) check, so it only runs
# when the knowledge base already holds local-check data for the host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only Photon OS 3.0 hosts are in scope.
release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: anything other than x86_64 / i386-i686 is audited out as
# "not implemented", i.e. such hosts are not assessed by this plugin.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

# Reference kernel package versions from the advisory, checked in the original
# order. rpm_check() is provided by rpm.inc (not shown here); presumably it
# flags an installed package that is older than the reference - confirm.
#
# NOTE(review): everything visible here works from the RPM list in the
# knowledge base; nothing in this script inspects the running kernel. A host
# with the fixed package installed but not yet rebooted into it would
# presumably pass this check - verify the booted kernel separately.
fixed_pkgs = make_list(
  "linux-4.19.32-3.ph3",
  "linux-api-headers-4.19.32-1.ph3",
  "linux-aws-4.19.32-2.ph3",
  "linux-aws-debuginfo-4.19.32-2.ph3",
  "linux-aws-devel-4.19.32-2.ph3",
  "linux-aws-docs-4.19.32-2.ph3",
  "linux-aws-drivers-gpu-4.19.32-2.ph3",
  "linux-aws-oprofile-4.19.32-2.ph3",
  "linux-aws-sound-4.19.32-2.ph3",
  "linux-aws-tools-4.19.32-2.ph3",
  "linux-debuginfo-4.19.32-3.ph3",
  "linux-devel-4.19.32-3.ph3",
  "linux-docs-4.19.32-3.ph3",
  "linux-drivers-gpu-4.19.32-3.ph3",
  "linux-drivers-sound-4.19.32-3.ph3",
  "linux-esx-4.19.32-2.ph3",
  "linux-esx-debuginfo-4.19.32-2.ph3",
  "linux-esx-devel-4.19.32-2.ph3",
  "linux-esx-docs-4.19.32-2.ph3",
  "linux-oprofile-4.19.32-3.ph3",
  "linux-secure-4.19.32-2.ph3",
  "linux-secure-debuginfo-4.19.32-2.ph3",
  "linux-secure-devel-4.19.32-2.ph3",
  "linux-secure-docs-4.19.32-2.ph3",
  "linux-secure-lkcm-4.19.32-2.ph3",
  "linux-tools-4.19.32-3.ph3"
);

flag = 0;
foreach pkg (fixed_pkgs)
{
  if (rpm_check(release:"PhotonOS-3.0", reference:pkg)) flag++;
}

# At least one package matched: report at port 0 with the rpm report text.
if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Nothing flagged: say whether packages were tested or none were installed.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux");
# Plugin listing metadata (as shown on the hosting page):
#   NASL family : PhotonOS Local Security Checks
#   NASL id     : PHOTONOS_PHSA-2019-3_0-0009_PYTHON.NASL
#   description : An update of the python package has been released.
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 126379
#   published   : 2019-07-02
#   reporter    : This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/126379
#   title       : Photon OS 3.0: Python PHSA-2019-3.0-0009
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2019-3.0-0009. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

# Description phase: register the plugin's metadata and requirements, then stop.
if (description)
{
  script_id(126379);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/07");

  script_cve_id("CVE-2018-18074");

  script_name(english:"Photon OS 3.0: Python PHSA-2019-3.0-0009");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the python package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0009.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  # NOTE(review): the score source is CVE-2019-10125, which is not in this
  # plugin's script_cve_id() list (only CVE-2018-18074 is). The severity shown
  # for this check is therefore borrowed from another CVE (presumably the
  # highest-scored one in advisory PHSA-2019-3.0-0009 - confirm). Triage this
  # finding on CVE-2018-18074 itself.
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10125");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Pre-flight gates: this is a local (package-inventory) check, so it only runs
# when the knowledge base already holds local-check data for the host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only Photon OS 3.0 hosts are in scope.
release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: anything other than x86_64 / i386-i686 is audited out as
# "not implemented", i.e. such hosts are not assessed by this plugin.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

# Single reference package from the advisory. Note that the package checked is
# python-requests, while the metadata and the final audit message say "python".
# rpm_check() is provided by rpm.inc (not shown here); presumably it flags an
# installed package that is older than the reference - confirm in rpm.inc.
fixed_pkgs = make_list(
  "python-requests-2.19.1-4.ph3"
);

flag = 0;
foreach pkg (fixed_pkgs)
{
  if (rpm_check(release:"PhotonOS-3.0", reference:pkg)) flag++;
}

# The package matched: report at port 0 with the rpm report text.
if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Nothing flagged: say whether packages were tested or none were installed.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
# Plugin listing metadata (as shown on the hosting page):
#   NASL family : PhotonOS Local Security Checks
#   NASL id     : PHOTONOS_PHSA-2019-3_0-0009_PYTHON2.NASL
#   description : An update of the python2 package has been released.
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 126380
#   published   : 2019-07-02
#   reporter    : This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/126380
#   title       : Photon OS 3.0: Python2 PHSA-2019-3.0-0009
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2019-3.0-0009. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

# Description phase: register the plugin's metadata and requirements, then stop.
if (description)
{
  script_id(126380);
  script_version("1.2");
  script_cvs_date("Date: 2020/01/07");

  script_cve_id("CVE-2019-9948");

  script_name(english:"Photon OS 3.0: Python2 PHSA-2019-3.0-0009");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the python2 package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0009.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  # NOTE(review): the score source is CVE-2019-10125, which is not in this
  # plugin's script_cve_id() list (only CVE-2019-9948 is). The severity shown
  # for this check is therefore borrowed from another CVE (presumably the
  # highest-scored one in advisory PHSA-2019-3.0-0009 - confirm). Triage this
  # finding on CVE-2019-9948 itself.
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10125");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Pre-flight gates: this is a local (package-inventory) check, so it only runs
# when the knowledge base already holds local-check data for the host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only Photon OS 3.0 hosts are in scope.
release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: anything other than x86_64 / i386-i686 is audited out as
# "not implemented", i.e. such hosts are not assessed by this plugin.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

# Reference package versions from the advisory, checked in the original order.
# rpm_check() is provided by rpm.inc (not shown here); presumably it flags an
# installed package that is older than the reference - confirm in rpm.inc.
fixed_pkgs = make_list(
  "python2-2.7.15-5.ph3",
  "python2-debuginfo-2.7.15-5.ph3",
  "python2-devel-2.7.15-5.ph3",
  "python2-libs-2.7.15-5.ph3",
  "python2-test-2.7.15-5.ph3",
  "python2-tools-2.7.15-5.ph3"
);

flag = 0;
foreach pkg (fixed_pkgs)
{
  if (rpm_check(release:"PhotonOS-3.0", reference:pkg)) flag++;
}

# At least one package matched: report at port 0 with the rpm report text.
if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Nothing flagged: say whether packages were tested or none were installed.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python2");
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0009_LIBSECCOMP.NASL description An update of the libseccomp package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126376 published 2019-07-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126376 title Photon OS 3.0: Libseccomp PHSA-2019-3.0-0009
References
- http://www.securityfocus.com/bid/107655
- https://patchwork.kernel.org/patch/10828359/
- https://security.netapp.com/advisory/ntap-20190411-0003/
- https://support.f5.com/csp/article/K29215970