Lucene search

[email protected]CVE-2019-19377

HistoryNov 29, 2019 - 4:15 p.m.

CVE-2019-19377

2019-11-2916:15:00

CWE-416

[email protected]

web.nvd.nist.gov

111

cve

linux

kernel

btrfs

filesystem

image

use-after-free

vulnerability

security

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.9%

JSON

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt5.6.5
linux:linux_kernellinux linux kernellt5.5.18
linux:linux_kernellinux linux kernellt4.19.156
linux:linux_kernellinux linux kernellt5.4.33
netapp:cloud_backupnetapp cloud backupeq-
netapp:steelstore_cloud_integrated_storagenetapp steelstore cloud integrated storageeq-
netapp:active_iq_unified_managernetapp active iq unified managereq-
netapp:solidfire_baseboard_management_controllernetapp solidfire baseboard management controllereq-

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	5.6.5
linux:linux_kernel	linux linux kernel	lt	5.5.18
linux:linux_kernel	linux linux kernel	lt	4.19.156
linux:linux_kernel	linux linux kernel	lt	5.4.33
netapp:cloud_backup	netapp cloud backup	eq	-
netapp:steelstore_cloud_integrated_storage	netapp steelstore cloud integrated storage	eq	-
netapp:active_iq_unified_manager	netapp active iq unified manager	eq	-
netapp:solidfire_baseboard_management_controller	netapp solidfire baseboard management controller	eq	-