Lucene search

K
cve[email protected]CVE-2019-19816
HistoryDec 17, 2019 - 6:15 a.m.

CVE-2019-19816

2019-12-1706:15:12
CWE-787
web.nvd.nist.gov
159
linux kernel
5.0.21
btrfs
filesystem image
slab-out-of-bounds
nvd
cve-2019-19816

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.4%

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

Affected configurations

NVD
Node
linuxlinux_kernelRange2.6.124.4.247
OR
linuxlinux_kernelRange4.54.9.247
OR
linuxlinux_kernelRange4.104.14.210
OR
linuxlinux_kernelRange4.154.19.137
OR
linuxlinux_kernelRange4.205.2
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch18.04lts
Node
debiandebian_linuxMatch9.0
Node
netappactive_iq_unified_managerRange9.5vmware_vsphere
OR
netappdata_availability_servicesMatch-
OR
netapphci_management_nodeMatch-
OR
netappsolidfireMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
Node
netappaff_a700sMatch-
AND
netappaff_a700s_firmwareMatch-
Node
netappfas8300Match-
AND
netappfas8300_firmwareMatch-
Node
netappfas8700Match-
AND
netappfas8700_firmwareMatch-
Node
netappaff_a400Match-
AND
netappaff_a400_firmwareMatch-
Node
netapph610sMatch-
AND
netapph610s_firmwareMatch-

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.4%