Vulnerability Name: | CVE-2019-15791 (CCN-171524) | ||||||||||||||||
Assigned: | 2019-11-01 | ||||||||||||||||
Published: | 2019-11-01 | ||||||||||||||||
Updated: | 2020-05-01 | ||||||||||||||||
Summary: | In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow. | ||||||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
7.6 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
| ||||||||||||||||
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||
Vulnerability Type: | CWE-191 | ||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2019-15791 Source: CCN Type: Google Security Research Issue 1957 Ubuntu: refcount underflow and type confusion in shiftfs Source: XF Type: UNKNOWN ubuntu-cve201915791-code-exec(171524) Source: MISC Type: Mailing List, Patch, Third Party Advisory https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=601a64857b3d7040ca15c39c929e6b9db3373ec1 Source: CCN Type: Packet Storm Security [11-14-2019] Ubuntu shiftfs refcount Underflow / Type Confusion Source: CCN Type: Ubuntu Web site USN-4184-1: Linux kernel vulnerabilities Source: MISC Type: Third Party Advisory https://usn.ubuntu.com/usn/usn-4183-1 Source: MISC Type: Third Party Advisory https://usn.ubuntu.com/usn/usn-4184-1 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [11-20-2019] Source: CCN Type: IBM Security Bulletin 6205697 (Workload Automation) Muluple vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5 | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |