QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11487

Published: Apr 23, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

[oss-security] 20190429 Linux kernel: multiple issues

mailing-list

x_refsource_MLIST

openSUSE-SU-2019:1570

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1571

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1579

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

https://security.netapp.com/advisory/ntap-20190517-0005/

x_refsource_CONFIRM

https://www.oracle.com/security-alerts/cpuApr2021.html

x_refsource_MISC

https://github.com/torvalds/linux/commit/6b3a707736301c2128ca85ce85fb13f60b5e350a

x_refsource_MISC

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a

x_refsource_MISC

https://github.com/torvalds/linux/commit/15fab63e1e57be9fdb5eec1bbc5916e9825e9acb

x_refsource_MISC

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15fab63e1e57be9fdb5eec1bbc5916e9825e9acb

x_refsource_MISC

https://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64

x_refsource_MISC

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fde12ca79aff9b5ba951fce1a2641901b8d8e64

x_refsource_MISC

https://github.com/torvalds/linux/commit/88b1a17dfc3ed7728316478fae0f5ad508f50397

x_refsource_MISC

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=88b1a17dfc3ed7728316478fae0f5ad508f50397

x_refsource_MISC

https://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3

x_refsource_MISC

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f958d7b528b1b40c44cfda5eabe2d82760d868c3

x_refsource_MISC

https://bugs.chromium.org/p/project-zero/issues/detail?id=1752

x_refsource_MISC

https://lwn.net/Articles/786044/

x_refsource_MISC

https://support.f5.com/csp/article/K14255532

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2019-11487 - Security Vulnerability | QwikSec