CVE-2019-15791 : In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.

Published 2020-04-24 00:15:12

Updated 2020-05-01 14:55:04

Source Canonical Ltd.

View at NVD, CVE.org

Products affected by CVE-2019-15791

Linux » Linux Kernel » Version: 5.0
cpe:2.3:o:linux:linux_kernel:5.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.3
cpe:2.3:o:linux:linux_kernel:5.3:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-15791

EPSS FAQ

0.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 34 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-15791

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	1.8	5.2	Canonical Ltd.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

CWE ids for CVE-2019-15791

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Assigned by: nvd@nist.gov (Primary)
CWE-672 Operation on a Resource after Expiration or Release

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Assigned by: security@ubuntu.com (Secondary)

References for CVE-2019-15791

https://usn.ubuntu.com/usn/usn-4183-1

USN-4183-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=601a64857b3d7040ca15c39c929e6b9db3373ec1

~ubuntu-kernel/ubuntu/+source/linux/+git/eoan - [no description]
Mailing List;Patch;Third Party Advisory
https://usn.ubuntu.com/usn/usn-4184-1

USN-4184-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-15791

Products affected by CVE-2019-15791

Exploit prediction scoring system (EPSS) score for CVE-2019-15791

CVSS scores for CVE-2019-15791

CWE ids for CVE-2019-15791

References for CVE-2019-15791