Lucene search

Ubuntu.comUB:CVE-2019-20794

HistoryMay 09, 2020 - 12:00 a.m.

CVE-2019-20794

2020-05-0900:00:00

ubuntu.com

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.2%

JSON

An issue was discovered in the Linux kernel 4.18 through 5.6.11 when
unprivileged user namespaces are allowed. A user can create their own PID
namespace, and mount a FUSE filesystem. Upon interaction with this FUSE
filesystem, if the userspace component is terminated via a kill of the PID
namespace’s pid 1, it will result in a hung task, and resources being
permanently locked up until system reboot. This can result in resource
exhaustion.

Notes

Author	Note
jdstrand	Patch not available, unclear if >=5.6.12 has the fix or if the range is wrong. All distros consider this minor.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu20.04noarchlinux-azure< anyUNKNOWN
ubuntu22.04noarchlinux-azure< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< any	UNKNOWN

Rows per page:

1-10 of 581

References

github.com/sargun/fuse-example

launchpad.net/bugs/cve/CVE-2019-20794

lore.kernel.org/lkml/1e796f9e008fb78fb96358ff74f39bd4865a7c88.1604926010.git.gladkov.alexey@gmail.com/

nvd.nist.gov/vuln/detail/CVE-2019-20794

security-tracker.debian.org/tracker/CVE-2019-20794

sourceforge.net/p/fuse/mailman/message/36598753/

www.cve.org/CVERecord?id=CVE-2019-20794

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.2%

JSON

Related for UB:CVE-2019-20794