CVE-2019-19815 - In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer derefe

CVE-2019-19815

Summary

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h.

References

https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19815
https://github.com/torvalds/linux/commit/4969c06a0d83c9c3dc50b8efcdc8eeedfce896f6#diff-41a7fa4590d2af87e82101f2b4dadb56
https://security.netapp.com/advisory/ntap-20200103-0001/

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*

CVSS

Base:	7.1 (as of 03-01-2020 - 11:15)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:C

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20200103-0001/
misc	https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19815 https://github.com/torvalds/linux/commit/4969c06a0d83c9c3dc50b8efcdc8eeedfce896f6#diff-41a7fa4590d2af87e82101f2b4dadb56

Last major update

03-01-2020 - 11:15

Published

17-12-2019 - 07:15

Last modified

03-01-2020 - 11:15