Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-15794
HistoryApr 24, 2020 - 12:15 a.m.

CVE-2019-15794

2020-04-2400:15:11
CWE-672
[email protected]
web.nvd.nist.gov
148
cve
2019
15794
overlayfs
shiftfs
linux kernel
refcount
mmap handler
security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.

Affected configurations

NVD
Node
linuxlinux_kernelMatch5.0
OR
linuxlinux_kernelMatch5.3
Node
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.10

CNA Affected

[
  {
    "product": "Linux kernel",
    "vendor": "Ubuntu",
    "versions": [
      {
        "lessThan": "5.3.0-24.26",
        "status": "affected",
        "version": "5.3 kernel",
        "versionType": "custom"
      },
      {
        "lessThan": "5.0.0-37.40",
        "status": "affected",
        "version": "5.0 kernel",
        "versionType": "custom"
      }
    ]
  }
]

Related

packetstorm 1
debiancve 1
zdt 1
ubuntucve 1
redhatcve 1
prion 1
nvd 1
cvelist 1
ubuntu 2
nessus 2
openvas 2
ibm 1
avleonov 1
packetstorm
packetstorm
Ubuntu ubuntu-aufs-modified mmap_region() Refcounting Issue
2019-11-12 00:00:00
debiancve
debiancve
CVE-2019-15794
2020-04-24 00:15:11
zdt
zdt
Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
2019-11-20 00:00:00
ubuntucve
ubuntucve
CVE-2019-15794
2019-11-08 00:00:00
redhatcve
redhatcve
CVE-2019-15794
2020-05-04 14:40:03
prion
prion
Input validation
2020-04-24 00:15:00
nvd
nvd
CVE-2019-15794
2020-04-24 00:15:11
cvelist
cvelist
CVE-2019-15794 Reference counting error in overlayfs/shiftfs error path when used in conjuction with aufs
2019-11-08 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2019-12-02 00:00:00
Linux kernel vulnerabilities
2019-12-02 00:00:00
nessus
nessus
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4209-1)
2019-12-03 00:00:00
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4208-1)
2019-12-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4209-1)
2019-12-04 00:00:00
Ubuntu: Security Advisory (USN-4208-1)
2019-12-04 00:00:00
ibm
ibm
Security Bulletin: Muluple vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5
2020-06-19 15:05:50
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON
Related for CVE-2019-15794
packetstorm1debiancve1zdt1ubuntucve1redhatcve1prion1nvd1cvelist1ubuntu2nessus2openvas2ibm1avleonov1