EUVD-2019-6715

Malware in sbrugna...

Design/Logic Flaw

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace calls fdgetoldfd, then without further checks passes the resulting file into shiftfsrealfdget, which casts file-privatedata, a void that points to a filesystem-depende...

CVE-2019-15794

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma-vmfile in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vmfile points. On...

CVE-2019-15793 Mishandling of file-system uid/gid with namespaces in shiftfs

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into inituserns, whereas they should have been translated in...

CVE-2019-15792

CVE-2019-15792 affects the shiftfs implementation in Ubuntu's kernel series (5.0 and 5.3), where shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd) and passes the resulting file* to shiftfs_real_fdget(), casting file->private_data (a void*) to a struct shiftfs_file_info *. Since private_data ...

CVE-2019-15791

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfsbtrfsioctlfdreplace installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, whi...

CVE-2019-15793

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into inituserns, whereas they should have been translated in...