exploitDog

CVE-2019-19816

Опубликовано: 17 дек. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

Ссылки

https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200103-0001/
Third Party Advisory
https://usn.ubuntu.com/4414-1/
Third Party Advisory
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200103-0001/
Third Party Advisory
https://usn.ubuntu.com/4414-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 2.6.12 (включая) до 4.4.247 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.5 (включая) до 4.9.247 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.14.210 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.19.137 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*

Версия от 9.5 (включая)

cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00188

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2019-19816

CVSS3: 7.8

ubuntu

больше 5 лет назад

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

CVE-2019-19816

CVSS3: 7.8

redhat

больше 5 лет назад

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

CVE-2019-19816

CVSS3: 7.8

debian

больше 5 лет назад

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...

GHSA-m6v9-2r23-587c

CVSS3: 7.8

github

около 3 лет назад

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

BDU:2020-00352

CVSS3: 7.8

fstec

больше 6 лет назад

Уязвимость функции __btrfs_map_block ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 41%

0.00188

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-787