Lucene search

K

[email protected]NVD:CVE-2019-19448

HistoryDec 08, 2019 - 2:15 a.m.

CVE-2019-19448

2019-12-0802:15:09

CWE-416

[email protected]

web.nvd.nist.gov

1

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.5%

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.

Affected configurations

NVD

Node

linuxlinux_kernelRange2.6.31–4.4.233

OR

linuxlinux_kernelRange4.5.0–4.9.233

OR

linuxlinux_kernelRange4.10–4.14.194

OR

linuxlinux_kernelRange4.15–4.19.141

OR

linuxlinux_kernelRange4.20–5.4.60

OR

linuxlinux_kernelRange5.5.0–5.7.17

OR

linuxlinux_kernelRange5.8–5.8.3

Node

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch14.04esm

OR

canonicalubuntu_linuxMatch16.04esm

OR

canonicalubuntu_linuxMatch18.04lts

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

OR

netappcloud_backupMatch-

OR

netappdata_availability_servicesMatch-

OR

netapphci_management_nodeMatch-

OR

netappsolidfireMatch-

OR

netappsteelstore_cloud_integrated_storageMatch-

Node

netappa700s_firmwareMatch-

AND

netappa700sMatch-

Node

netappfas_8300_firmwareMatch-

AND

netappfas_8300Match-

Node

netappfas_8700_firmwareMatch-

AND

netappfas_8700Match-

Node

netappfas_a400_firmwareMatch-

AND

netappfas_a400Match-

Node

netappaff_8300_firmwareMatch-

AND

netappaff_8300Match-

Node

netappaff_8700_firmwareMatch-

AND

netappaff_8700Match-

Node

netappaff_a400_firmwareMatch-

AND

netappaff_a400Match-

Node

netapph610s_firmwareMatch-

AND

netapph610sMatch-

Node

netappsolidfire_baseboard_management_controller_firmwareMatch-

AND

netappsolidfire_baseboard_management_controllerMatch-

References

github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448

lists.debian.org/debian-lts-announce/2020/09/msg00025.html

lists.debian.org/debian-lts-announce/2020/10/msg00032.html

lists.debian.org/debian-lts-announce/2020/10/msg00034.html

security.netapp.com/advisory/ntap-20200103-0001/

usn.ubuntu.com/4578-1/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.5%

Related for NVD:CVE-2019-19448

symantec1 cve1 debiancve1 cvelist1 veracode1 redhatcve1 ubuntucve1 prion1 openvas5 mageia1 ibm1 nessus13 amazon2 osv3 cloudfoundry1 ubuntu1 cloudlinux2 oraclelinux4 debian3 photon1 slackware1