CVE-2019-19814 - In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segmen

CVE-2019-19814

Summary

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.

References

https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814
https://security.netapp.com/advisory/ntap-20200103-0001/

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 03-01-2020 - 11:15)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20200103-0001/
misc	https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814

Last major update

03-01-2020 - 11:15

Published

17-12-2019 - 06:15

Last modified

03-01-2020 - 11:15