Lucene search

K

[email protected]CVE-2019-19816

HistoryDec 17, 2019 - 6:15 a.m.

CVE-2019-19816

2019-12-1706:15:12

CWE-787

[email protected]

web.nvd.nist.gov

163

linux kernel

5.0.21

btrfs

filesystem image

slab-out-of-bounds

nvd

cve-2019-19816

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

46.3%

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

Affected configurations

NVD

Node

linuxlinux_kernelRange2.6.12–4.4.247

OR

linuxlinux_kernelRange4.5–4.9.247

OR

linuxlinux_kernelRange4.10–4.14.210

OR

linuxlinux_kernelRange4.15–4.19.137

OR

linuxlinux_kernelRange4.20–5.2

Node

canonicalubuntu_linuxMatch14.04esm

OR

canonicalubuntu_linuxMatch16.04lts

OR

canonicalubuntu_linuxMatch18.04lts

Node

debiandebian_linuxMatch9.0

Node

netappactive_iq_unified_managerRange9.5≥vmware_vsphere

OR

netappdata_availability_servicesMatch-

OR

netapphci_management_nodeMatch-

OR

netappsolidfireMatch-

OR

netappsteelstore_cloud_integrated_storageMatch-

Node

netappaff_a700sMatch-

AND

netappaff_a700s_firmwareMatch-

Node

netappfas8300Match-

AND

netappfas8300_firmwareMatch-

Node

netappfas8700Match-

AND

netappfas8700_firmwareMatch-

Node

netappaff_a400Match-

AND

netappaff_a400_firmwareMatch-

Node

netapph610sMatch-

AND

netapph610s_firmwareMatch-

References

github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816

lists.debian.org/debian-lts-announce/2020/09/msg00025.html

lists.debian.org/debian-lts-announce/2020/12/msg00015.html

lists.debian.org/debian-lts-announce/2021/03/msg00010.html

security.netapp.com/advisory/ntap-20200103-0001/

usn.ubuntu.com/4414-1/

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

46.3%

Related for CVE-2019-19816

osv6 redhatcve1 ubuntucve1 prion1 nvd1 cvelist1 debiancve1 photon6 nessus15 ibm1 openvas6 ubuntu3 amazon2 oraclelinux3 cloudfoundry1 debian3