CVE-2019-19319 - In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cau

CVE-2019-19319

Summary

In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 09-02-2021 - 19:15)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

redhat via4

rpms

bpftool-0:4.18.0-240.el8
bpftool-debuginfo-0:4.18.0-240.el8
kernel-0:4.18.0-240.el8
kernel-abi-whitelists-0:4.18.0-240.el8
kernel-core-0:4.18.0-240.el8
kernel-cross-headers-0:4.18.0-240.el8
kernel-debug-0:4.18.0-240.el8
kernel-debug-core-0:4.18.0-240.el8
kernel-debug-debuginfo-0:4.18.0-240.el8
kernel-debug-devel-0:4.18.0-240.el8
kernel-debug-modules-0:4.18.0-240.el8
kernel-debug-modules-extra-0:4.18.0-240.el8
kernel-debuginfo-0:4.18.0-240.el8
kernel-debuginfo-common-aarch64-0:4.18.0-240.el8
kernel-debuginfo-common-ppc64le-0:4.18.0-240.el8
kernel-debuginfo-common-s390x-0:4.18.0-240.el8
kernel-debuginfo-common-x86_64-0:4.18.0-240.el8
kernel-devel-0:4.18.0-240.el8
kernel-doc-0:4.18.0-240.el8
kernel-headers-0:4.18.0-240.el8
kernel-modules-0:4.18.0-240.el8
kernel-modules-extra-0:4.18.0-240.el8
kernel-tools-0:4.18.0-240.el8
kernel-tools-debuginfo-0:4.18.0-240.el8
kernel-tools-libs-0:4.18.0-240.el8
kernel-tools-libs-devel-0:4.18.0-240.el8
kernel-zfcpdump-0:4.18.0-240.el8
kernel-zfcpdump-core-0:4.18.0-240.el8
kernel-zfcpdump-debuginfo-0:4.18.0-240.el8
kernel-zfcpdump-devel-0:4.18.0-240.el8
kernel-zfcpdump-modules-0:4.18.0-240.el8
kernel-zfcpdump-modules-extra-0:4.18.0-240.el8
perf-0:4.18.0-240.el8
perf-debuginfo-0:4.18.0-240.el8
python3-perf-0:4.18.0-240.el8
python3-perf-debuginfo-0:4.18.0-240.el8
kernel-rt-0:4.18.0-240.rt7.54.el8
kernel-rt-core-0:4.18.0-240.rt7.54.el8
kernel-rt-debug-0:4.18.0-240.rt7.54.el8
kernel-rt-debug-core-0:4.18.0-240.rt7.54.el8
kernel-rt-debug-debuginfo-0:4.18.0-240.rt7.54.el8
kernel-rt-debug-devel-0:4.18.0-240.rt7.54.el8
kernel-rt-debug-kvm-0:4.18.0-240.rt7.54.el8
kernel-rt-debug-modules-0:4.18.0-240.rt7.54.el8
kernel-rt-debug-modules-extra-0:4.18.0-240.rt7.54.el8
kernel-rt-debuginfo-0:4.18.0-240.rt7.54.el8
kernel-rt-debuginfo-common-x86_64-0:4.18.0-240.rt7.54.el8
kernel-rt-devel-0:4.18.0-240.rt7.54.el8
kernel-rt-kvm-0:4.18.0-240.rt7.54.el8
kernel-rt-modules-0:4.18.0-240.rt7.54.el8
kernel-rt-modules-extra-0:4.18.0-240.rt7.54.el8

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20200103-0001/
debian	DSA-4698
misc	https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19319
mlist	[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
suse	openSUSE-SU-2020:0336
ubuntu	USN-4391-1

Last major update

09-02-2021 - 19:15

Published

27-11-2019 - 23:15

Last modified

09-02-2021 - 19:15