There is a use-after-free in kernel versions prior to 5.5 due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep, and the underlying device is removed during this time, an exploitable condition can arise as the process wakes up to terminate and clean all attached files. The system crashes because the cdev structure pointed to by the inode is invalid (already freed).
Vulnerable Product |
---|
linux linux kernel |
redhat enterprise linux 7.0 |
redhat enterprise linux 8.0 |
debian debian linux 8.0 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 16.04 |
opensuse leap 15.1 |
netapp element software - |
netapp steelstore cloud integrated storage - |
netapp solidfire - |
netapp hci management node - |
netapp active iq unified manager - |
netapp hci compute node - |
netapp h300s_firmware - |
netapp h500s_firmware - |
netapp h700s_firmware - |
netapp h300e_firmware - |
netapp h500e_firmware - |
netapp h700e_firmware - |
netapp h410s_firmware - |
netapp h410c_firmware - |
netapp h610c_firmware - |
netapp h610s_firmware - |
netapp h615c_firmware - |