Description
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
References (4)
Core 4
Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
https://patchwork.kernel.org/patch/10828359/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107655
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190411-0003/
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K29215970
Scores
CVSS v3
9.8
EPSS
0.0343
EPSS Percentile
87.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (7)
linux/linux_kernel
5.1 rc1
linux/linux_kernel
4.19 - 4.19.38
netapp/active_iq_unified_manager
9.5
netapp/cn1610_firmware
netapp/hci_management_node
netapp/snapprotect
netapp/solidfire
Published
Mar 27, 2019
Tracked Since
Feb 18, 2026