Vulnerability Details : CVE-2019-11487
Potential exploit
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
Vulnerability category: Memory Corruption
Products affected by CVE-2019-11487
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Threat overview for CVE-2019-11487
Top open port discovered on systems with this issue: 49152
IPs affected by CVE-2019-11487: 24,382
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2019-11487
EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
Percentile: ~12% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-11487
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2019-11487
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-11487
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f958d7b528b1b40c44cfda5eabe2d82760d868c3
  kernel/git/torvalds/linux.git - Linux kernel source tree [Patch; Vendor Advisory]
- https://github.com/torvalds/linux/commit/15fab63e1e57be9fdb5eec1bbc5916e9825e9acb
  fs: prevent page refcount overflow in pipe_buf_get · torvalds/linux@15fab63 · GitHub [Patch; Third Party Advisory]
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
  1752 - Linux: page->_refcount overflow via FUSE with ~140GiB RAM usage - project-zero - Monorail [Mitigation; Exploit; Third Party Advisory]
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a
  kernel/git/torvalds/linux.git - Linux kernel source tree [Patch; Vendor Advisory]
- https://usn.ubuntu.com/4118-1/
  USN-4118-1: Linux kernel (AWS) vulnerabilities | Ubuntu security notices [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
  [security-announce] openSUSE-SU-2019:1570-1: important: Security update [Mailing List; Third Party Advisory]
- https://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64
  mm: prevent get_user_pages() from overflowing page refcount · torvalds/linux@8fde12c · GitHub [Patch; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2020:0174
  RHSA-2020:0174 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
  [SECURITY] [DLA 1919-1] linux-4.9 security update [Mailing List; Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20190517-0005/
  May 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security [Third Party Advisory]
- https://usn.ubuntu.com/4145-1/
  USN-4145-1: Linux kernel vulnerabilities | Ubuntu security notices [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
  [SECURITY] [DLA 1919-2] linux-4.9 security update [Mailing List; Third Party Advisory]
- http://www.securityfocus.com/bid/108054
  Linux Kernel CVE-2019-11487 Multiple Denial of Service Vulnerabilities [Third Party Advisory; VDB Entry]
- https://support.f5.com/csp/article/K14255532
  [Third Party Advisory]
- https://www.oracle.com/security-alerts/cpuApr2021.html
  Oracle Critical Patch Update Advisory - April 2021 [Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html
  [security-announce] openSUSE-SU-2019:1571-1: important: Security update [Mailing List; Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
  [security-announce] openSUSE-SU-2019:1579-1: important: Security update [Mailing List; Third Party Advisory]
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=88b1a17dfc3ed7728316478fae0f5ad508f50397
  kernel/git/torvalds/linux.git - Linux kernel source tree [Patch; Vendor Advisory]
- http://www.openwall.com/lists/oss-security/2019/04/29/1
  oss-security - Linux kernel: multiple issues [Mailing List; Third Party Advisory]
- https://usn.ubuntu.com/4115-1/
  USN-4115-1: Linux kernel vulnerabilities | Ubuntu security notices [Third Party Advisory]
- https://github.com/torvalds/linux/commit/6b3a707736301c2128ca85ce85fb13f60b5e350a
  Merge branch 'page-refs' (page ref overflow) · torvalds/linux@6b3a707 · GitHub [Patch; Third Party Advisory]
- https://usn.ubuntu.com/4069-2/
  USN-4069-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:2703
  RHSA-2019:2703 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fde12ca79aff9b5ba951fce1a2641901b8d8e64
  kernel/git/torvalds/linux.git - Linux kernel source tree [Patch; Vendor Advisory]
- https://access.redhat.com/errata/RHSA-2019:2741
  RHSA-2019:2741 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lwn.net/Articles/786044/
  Avoiding page reference-count overflows [LWN.net] [Exploit; Third Party Advisory]
- https://github.com/torvalds/linux/commit/88b1a17dfc3ed7728316478fae0f5ad508f50397
  mm: add 'try_get_page()' helper function · torvalds/linux@88b1a17 · GitHub [Patch; Third Party Advisory]
- https://usn.ubuntu.com/4069-1/
  USN-4069-1: Linux kernel vulnerabilities | Ubuntu security notices [Third Party Advisory]
- https://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3
  mm: make page ref count overflow check tighter and more explicit · torvalds/linux@f958d7b · GitHub [Patch; Third Party Advisory]
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15fab63e1e57be9fdb5eec1bbc5916e9825e9acb
  kernel/git/torvalds/linux.git - Linux kernel source tree [Patch; Vendor Advisory]