CVE-2019-19377

Опубликовано: 29 нояб. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

Ссылки

https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200103-0001/
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/4367-1/
Third Party Advisory
https://usn.ubuntu.com/4369-1/
Third Party Advisory
https://usn.ubuntu.com/4414-1/
Third Party Advisory
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200103-0001/
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/4367-1/
Third Party Advisory
https://usn.ubuntu.com/4369-1/
Third Party Advisory
https://usn.ubuntu.com/4414-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 2.6.12 (включая) до 4.19.156 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.4.33 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5.0 (включая) до 5.5.18 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.6 (включая) до 5.6.5 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00284

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2019-19377

CVSS3: 7.8

ubuntu

больше 5 лет назад

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

CVE-2019-19377

CVSS3: 7.8

redhat

больше 5 лет назад

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

CVE-2019-19377

CVSS3: 7.8

debian

больше 5 лет назад

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...

GHSA-w83r-756w-m93f

CVSS3: 7.8

github

около 3 лет назад

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

BDU:2022-05179

CVSS3: 7.8

fstec

больше 5 лет назад

Уязвимость функции btrfs_queue_work ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 51%

0.00284

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416