CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

CVSS3: 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

EPSS: 0.018 Low (Percentile: 88.2%)

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the
Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on
account of being out of disk quota: xfs_setattr_nonsize fails to unlock
the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is
primarily a local DoS attack vector, but it might also result in a remote
DoS if the XFS filesystem is exported, for instance via NFS.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-65.74 | UNKNOWN |
ubuntu | 19.04 | noarch | linux | < 5.0.0-31.33 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1051.53 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-aws | < 5.0.0-1018.20 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1051.53~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 5.0.0-1022.23~18.04.1 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-azure | < 5.0.0-1022.23 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1060.65 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-edge | < 5.0.0-1022.23~18.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure-edge | < 4.15.0-1060.65 | UNKNOWN |
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee
git.kernel.org/linus/1fb254aa983bf190cfd685d40c64a480a9bafaee
github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee
launchpad.net/bugs/cve/CVE-2019-15538
lore.kernel.org/linux-xfs/20190823035528.GH1037422@magnolia/
lore.kernel.org/linux-xfs/[email protected]
nvd.nist.gov/vuln/detail/CVE-2019-15538
security-tracker.debian.org/tracker/CVE-2019-15538
ubuntu.com/security/notices/USN-4144-1
ubuntu.com/security/notices/USN-4147-1
www.cve.org/CVERecord?id=CVE-2019-15538