CVE-2019-19447

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html	Third Party Advisory
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200103-0001/	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html	Third Party Advisory
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200103-0001/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
	cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:::::::*

History

21 Nov 2024, 04:34

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html - Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html - Third Party Advisory
References	~~() https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447 - Exploit, Third Party Advisory~~	() https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447 - Exploit, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html - Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html - Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html - Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20200103-0001/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20200103-0001/ - Third Party Advisory

Information

Published : 2019-12-08 01:15

Updated : 2024-11-21 04:34

NVD link : CVE-2019-19447

Mitre link : CVE-2019-19447

CVE.ORG link : CVE-2019-19447

JSON object : View

Products Affected

netapp

cloud_backup
steelstore_cloud_integrated_storage
hci_baseboard_management_controller
solidfire_baseboard_management_controller
active_iq_unified_manager
data_availability_services

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10