ID CVE-2019-19813
Summary In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
    cpe:2.3:a:netapp:active_iq_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 12-03-2021 - 16:11)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
refmap via4
confirm https://security.netapp.com/advisory/ntap-20200103-0001/
misc https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813
mlist [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
ubuntu USN-4414-1
Last major update 12-03-2021 - 16:11
Published 17-12-2019 - 06:15
Last modified 12-03-2021 - 16:11
Back to Top