ID CVE-2019-19319
Summary In the Linux kernel 5.0.21, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 4.4 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
  • Vector: LOCAL
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
refmap via4
confirm https://security.netapp.com/advisory/ntap-20200103-0001/
debian DSA-4698
misc https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19319
mlist
  • [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
  • [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
  • [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
suse openSUSE-SU-2020:0336
ubuntu USN-4391-1
Last major update 24-08-2020 - 17:37
Published 27-11-2019 - 23:15
Last modified 24-08-2020 - 17:37