Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19814

Опубликовано: 17 дек. 2019
Источник: redhat
CVSS3: 7.3
EPSS Низкий

Описание

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's F2FS file system exploiting the NAND flash memory-based storage device. This flaw allows a local attacker to crash the system or leak internal kernel information.

Отчет

There was no shipped kernel version were seen affected with this problem. These files are not built in our source code.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1784917kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c

EPSS

Процентиль: 76%
0.00971
Низкий

7.3 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-19814

CVSS3: 7.8
ubuntu
около 6 лет назад

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.

nvd логотип

CVE-2019-19814

CVSS3: 7.8
nvd
около 6 лет назад

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.

debian логотип

CVE-2019-19814

CVSS3: 7.8
debian
около 6 лет назад

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...

github логотип

GHSA-m477-8gc9-rrj6

github
больше 3 лет назад

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.

fstec логотип

BDU:2020-00353

CVSS3: 7.8
fstec
около 6 лет назад

Уязвимость функции __remove_dirty_segment ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 76%
0.00971
Низкий

7.3 High

CVSS3