| Vulnerability Name: | CVE-2019-15794 (CCN-171446) | ||||||||||||||||
| Assigned: | 2019-11-12 | ||||||||||||||||
| Published: | 2019-11-12 | ||||||||||||||||
| Updated: | 2020-05-26 | ||||||||||||||||
| Summary: | Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow. | ||||||||||||||||
| CVSS v3 Severity: | 6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) 6.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||
| Vulnerability Type: | CWE-672 | ||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-15794 Source: XF Type: UNKNOWN ubuntu-cve201915794-dos(171446) Source: MISC Type: Mailing List, Patch, Third Party Advisory https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=270d16ae48a4dbf1c7e25e94cc3e38b4bea37635 Source: MISC Type: Mailing List, Patch, Third Party Advisory https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=ef81780548d20a786cc77ed4203fca146fd81ce3 Source: CCN Type: Ubuntu Web site [PATCH 0/2][SRU][D/E] CVE-2019-15794: ovl/shiftfs refcount underflow Source: CCN Type: Packet Storm Security [11-12-2019] Ubuntu ubuntu-aufs-modified mmap_region() Refcounting Issue Source: MISC Type: Third Party Advisory https://usn.ubuntu.com/usn/usn-4208-1 Source: MISC Type: Third Party Advisory https://usn.ubuntu.com/usn/usn-4209-1 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [11-20-2019] Source: CCN Type: IBM Security Bulletin 6205697 (Workload Automation) Muluple vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5 Source: CCN Type: WhiteSource Vulnerability Database CVE-2019-15794 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||