CVE-2019-15792

Published: Apr 23, 2020

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.1

7.1

HIGH

Description

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.

Vendor	Product	Versions
Ubuntu	Shiftfs in the Linux kernel	affected `5.3.0-11.12 - < 5.3 kernel*` affected `5.0 kernel - < 5.0.0-35.38`

Weaknesses (CWE)

CWE-843

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

References

https://usn.ubuntu.com/usn/usn-4183-1

x_refsource_MISC

https://usn.ubuntu.com/usn/usn-4184-1

x_refsource_MISC

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=5df147c8140efc71ac0879ae3b0057f577226d4c

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-15792

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References