Use-after-free vulnerability in Linux kernel before 5.0.4 allows unauthorized read access to /proc/ioports after removal of ipmi_si module

Use-after-free vulnerability in Linux kernel before 5.0.4 allows unauthorized read access to /proc/ioports after removal of ipmi_si module

CVE-2019-11811 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.