CVE-2019-25044: 
Container-Optimized OS vulnerability analysis and mitigation

The block subsystem in the Linux kernel before version 5.2 contains a use-after-free vulnerability (CVE-2019-25044) that can lead to arbitrary code execution in the kernel context and privilege escalation. The vulnerability is related to blkmqfreerqs and blkcleanup_queue functions, also known as CID-c3e2219216c9 (NVD).

The vulnerability stems from a use-after-free condition in the block subsystem where a freed object is accessed in the blkmqfreerqs function. The issue occurs when the vulnerable object is accidentally freed in loopremove, but then accessed later in blkmqfreerqs, triggering an unauthorized memory access. The vulnerability has a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, [SyzScope](https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-blkmqfreerqs)).

The vulnerability can be exploited to achieve arbitrary code execution in the kernel context through control flow hijacking. Attackers can potentially overwrite the freed object through heap spraying and hijack control flow when dereferencing function pointers, leading to privilege escalation. This could result in complete system compromise with high impact on confidentiality, integrity, and availability (SyzScope).

The vulnerability was fixed in Linux kernel version 5.2 through commit c3e2219216c9, which addresses the issue by moving the freeing of request pool of sched tags into blkcleanupqueue. This ensures proper cleanup timing and prevents the use-after-free condition (Kernel Commit).

NetApp has issued an advisory acknowledging the vulnerability's impact on several of their products, including Cloud Backup, HCI Baseboard Management Controller, and SolidFire & HCI Management Node. They have provided fixes for some affected products while marking others as 'Won't Fix' due to end-of-availability (NetApp Advisory).