CVE-2019-20934
MediumAn issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVSS 3.1 score
5.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
Weakness type
CWE-416CVE-2019-20934 is a Use After Free vulnerability
What is Use After Free?
The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. Learn more on MITRE CWE
References
The following references provide additional information about CVE-2019-20934 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
Issue Tracking Vendor Advisory
-
Vendor Advisory
-
PatchKernel patch commithttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16d51a590a8ce3befb1308e0e7ab77f3b661af33
Frequently asked questions
-
What is CVE-2019-20934?
CVE-2019-20934 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.3 out of 10 , classified as an Use After Free flaw (CWE-416) . CVE-2019-20934 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2019-20934?
CVE-2019-20934 has a CVSS score of 5.3 out of 10, rated Medium severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H. -
Is there a patch available for CVE-2019-20934?
No patch is currently available for CVE-2019-20934. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2019-20934 actively exploited?
No — CVE-2019-20934 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
-
What is Use After Free (CWE-416)?
The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. View CWE-416 on MITRE CWE →