Lucene search
K

127 matches found

NVD
NVD
added 2020/04/24 12:15 a.m.32 views

CVE-2019-15793

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into inituserns, whereas they should have been translated in...

8.8CVSS7.4AI score0.00685EPSS
Exploits2References3
Prion
Prion
added 2020/04/24 12:15 a.m.17 views

Design/Logic Flaw

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, whi...

4.6CVSS7.3AI score0.01317EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2020/04/24 12:15 a.m.21 views

Design/Logic Flaw

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into inituserns, whereas they should have been translated in...

4.6CVSS8.3AI score0.00685EPSS
Exploits2References3Affected Software2
Prion
Prion
added 2020/04/24 12:15 a.m.25 views

Design/Logic Flaw

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace calls fdgetoldfd, then without further checks passes the resulting file into shiftfsrealfdget, which casts file-privatedata, a void that points to a filesystem-depende...

4.6CVSS8.3AI score0.01102EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2020/04/24 12:15 a.m.22 views

Input validation

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma-vmfile in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vmfile points. On...

7.2CVSS6.2AI score0.01158EPSS
Exploits2References4Affected Software2
CVE
CVE
added 2020/04/23 11:55 p.m.241 views

CVE-2019-15794

CVE-2019-15794 describes a refcount underflow in the overlayfs/shiftfs error path when used with aufs patches. Specifically, both the Overlayfs and shiftfs patches in the Ubuntu 5.0 and 5.3 kernel series replace vma->vm_file in mmap handlers, and on error do not restore the original value; the...

7.2CVSS6.3AI score0.01158EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2020/04/23 11:55 p.m.38 views

CVE-2019-15794 Reference counting error in overlayfs/shiftfs error path when used in conjuction with aufs

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma-vmfile in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vmfile points. On...

7.1CVSS7.7AI score0.01158EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2020/04/23 11:55 p.m.28 views

CVE-2019-15792

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace calls fdgetoldfd, then without further checks passes the resulting file into shiftfsrealfdget, which casts file-privatedata, a void that points to a filesystem-depende...

7.8CVSS8.4AI score0.01102EPSS
Exploits1
Debian CVE
Debian CVE
added 2020/04/23 11:55 p.m.33 views

CVE-2019-15793

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into inituserns, whereas they should have been translated in...

8.8CVSS8.5AI score0.00685EPSS
Exploits2
Cvelist
Cvelist
added 2020/04/23 11:55 p.m.36 views

CVE-2019-15792 Type confusion in shiftfs

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace calls fdgetoldfd, then without further checks passes the resulting file into shiftfsrealfdget, which casts file-privatedata, a void that points to a filesystem-depende...

7.1CVSS8.3AI score0.01102EPSS
Exploits1References3
CVE
CVE
added 2020/04/23 11:55 p.m.117 views

CVE-2019-15792

CVE-2019-15792 affects the shiftfs implementation in Ubuntu's kernel series (5.0 and 5.3), where shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd) and passes the resulting file* to shiftfs_real_fdget(), casting file->private_data (a void*) to a struct shiftfs_file_info *. Since private_data ...

7.8CVSS7.9AI score0.01102EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/04/23 11:55 p.m.120 views

CVE-2019-15793

CVE-2019-15793 concerns a shiftfs issue in Ubuntu’s patched Linux kernel (5.0/5.3). The bug translated user/group IDs to init_user_ns instead of the lower filesystem’s s_user_ns, risking bypass of discretionary access control. Consequence: local attacker could exploit the mis-translation to acces...

8.8CVSS7.2AI score0.00685EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2020/04/23 11:55 p.m.35 views

CVE-2019-15793 Mishandling of file-system uid/gid with namespaces in shiftfs

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into inituserns, whereas they should have been translated in...

6.5CVSS8.4AI score0.00685EPSS
Exploits2References3
Cvelist
Cvelist
added 2020/04/23 11:55 p.m.35 views

CVE-2019-15791 Reference count underflow in shiftfs

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, whi...

7.1CVSS7.7AI score0.01317EPSS
Exploits1References3
CVE
CVE
added 2020/04/23 11:55 p.m.118 views

CVE-2019-15791

CVE-2019-15791 describes a refcount underflow in the Linux kernel shiftfs implementation caused by a non-upstream patch in Ubuntu 5.0/5.3 kernels: shiftfs_btrfs_ioctl_fd_replace() can create a file descriptor to a lower-filesystem file without an extra reference, and closing the FD after the btrf...

7.8CVSS7.2AI score0.01317EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2020/04/23 11:55 p.m.29 views

CVE-2019-15791

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, whi...

7.8CVSS7.8AI score0.01317EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.5 views

The vulnerability of the shiftfs component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the shiftfs component in the Linux operating system’s kernel is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a perpetrator to cause service failures...

6.2CVSS7.3AI score0.01317EPSS
Exploits1References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.6 views

The vulnerability of the shiftfs component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the shiftfs component in the Linux operating system’s kernel is related to a data type conversion error. Exploiting this vulnerability can allow an attacker to cause a service failure...

6.2CVSS7.3AI score0.01102EPSS
Exploits1References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.6 views

The vulnerability of the shiftfs component in the Linux operating system’s kernel allows a hacker to increase their privileges.

The vulnerability of the shiftfs component in the Linux operating system’s kernel is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

4.9CVSS7.5AI score0.00685EPSS
Exploits2References7Affected Software3
Tenable Nessus
Tenable Nessus
added 2019/12/03 12:0 a.m.167 views

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4209-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4209-1 advisory. Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operatio...

9.8CVSS7.2AI score0.12651EPSS
Exploits2References4
Rows per page
Query Builder