CVE-2019-25045

Summary

CVE	CVE-2019-25045
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-06-07 20:15:00 UTC
Updated	2022-04-29 17:31:00 UTC
Description	An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All
Hardware	Netapp	Aff 8300	-	All	All	All
Operating System	Netapp	Aff 8300 Firmware	-	All	All	All
Hardware	Netapp	Aff 8700	-	All	All	All
Operating System	Netapp	Aff 8700 Firmware	-	All	All	All
Hardware	Netapp	Aff A400	-	All	All	All
Operating System	Netapp	Aff A400 Firmware	-	All	All	All
Hardware	Netapp	Aff A700s	-	All	All	All
Operating System	Netapp	Aff A700s Firmware	-	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Hardware	Netapp	Fabric-attached Storage A400	-	All	All	All
Operating System	Netapp	Fabric-attached Storage A400 Firmware	-	All	All	All
Hardware	Netapp	Fas 8300	-	All	All	All
Operating System	Netapp	Fas 8300 Firmware	-	All	All	All
Hardware	Netapp	Fas 8700	-	All	All	All
Operating System	Netapp	Fas 8700 Firmware	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H610c	-	All	All	All
Operating System	Netapp	H610c Firmware	-	All	All	All
Hardware	Netapp	H610s	-	All	All	All
Operating System	Netapp	H610s Firmware	-	All	All	All
Hardware	Netapp	H615c	-	All	All	All
Operating System	Netapp	H615c Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Hardware	Netapp	Solidfire Baseboard Management Controller	-	All	All	All
Operating System	Netapp	Solidfire Baseboard Management Controller Firmware	-	All	All	All
Application	Netapp	Solidfire Hci Management Node	-	All	All	All

References

Reference	Source	Link	Tags
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19	MISC	cdn.kernel.org
WARNING in xfrm_state_fini (2)	MISC	syzkaller.appspot.com
CVE-2019-25045 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
SyzScope - WARNING in xfrm_state_fini (2)	MISC	sites.google.com
kernel/git/torvalds/linux.git - Linux kernel source tree	MISC	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

610372 Google Pixel Android October 2021 Security Patch Missing
610381 Google Android November 2021 Security Patch Missing for Huawei EMUI
670707 EulerOS Security Update for kernel (EulerOS-SA-2021-2465)
750830 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:2321-1)
750832 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:2324-1)