Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-19036
HistoryNov 21, 2019 - 12:00 a.m.

CVE-2019-19036

2019-11-2100:00:00
ubuntu.com
ubuntu.com
7

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

53.1%

btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12
allows a NULL pointer dereference because rcu_dereference(root->node) can
be zero.

Bugs

Notes

Author Note
tyhicks Exploiting this vulnerability requires a crafted filesystem image to be mounted
sbeattie likely addressed by the btrfs write time tree-checker, which would mean it is addressed for kernels back through 4.4.x
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux-hwe< 5.3.0-26.28~18.04.1UNKNOWN
ubuntu16.04noarchlinux-hwe< 4.15.0-112.113~16.04.1UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1077.81UNKNOWN
ubuntu19.10noarchlinux-aws< 5.3.0-1007.8UNKNOWN
ubuntu19.10noarchlinux-azure< 5.3.0-1007.8UNKNOWN
ubuntu14.04noarchlinux-azure< 4.15.0-1091.101~14.04.1) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu16.04noarchlinux-azure< 4.15.0-1091.101~16.04.1UNKNOWN
ubuntu18.04noarchlinux-kvm< 4.15.0-1069.70UNKNOWN
ubuntu19.10noarchlinux-kvm< 5.3.0-1007.8UNKNOWN
ubuntu19.10noarchlinux-gcp< 5.3.0-1008.9UNKNOWN
Rows per page:
1-10 of 261

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

53.1%