CVE-2019-15794

Published: 24/04/2020 Updated: 26/05/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.
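The refcount imbalance described above can be traced with a small user-space model. This is an added example, not kernel code or code from the advisory: the toy struct file and struct vma, the helpers stacked_mmap(), mmap_region_error(), lower_delta() and upper_delta(), and the restore flag (one possible hardening, restoring vm_file on error) are all assumptions of the example.

```c
#include <stdio.h>

/* Toy stand-ins for struct file and vm_area_struct; only the refcount is modelled. */
struct file { int refs; };
struct vma  { struct file *vm_file; };

static struct file *get_file(struct file *f) { f->refs++; return f; }
static void fput(struct file *f) { f->refs--; }

/* Stacked-filesystem mmap handler (overlayfs/shiftfs pattern) whose lower mmap fails.
 * restore=1 is the hardened variant assumed by this example. */
static int stacked_mmap(struct vma *vma, struct file *lower, int restore)
{
    struct file *orig = vma->vm_file;
    int ret = -1;                       /* simulate the lower filesystem's mmap failing */

    vma->vm_file = get_file(lower);     /* handler replaces vm_file */
    if (ret) {
        fput(lower);                    /* reference on the new vm_file is put ... */
        if (restore)
            vma->vm_file = orig;        /* ... only the hardened variant restores it */
    }
    return ret;
}

/* Error path of mmap_region(). aufs=0: fput() via the local variable (upstream);
 * aufs=1: vma_fput(vma), which puts whatever vm_file points to now.
 * Writes each file's refcount change; 0 means balanced. */
static void mmap_region_error(int aufs, int restore, int *upper_d, int *lower_d)
{
    struct file upper = { 1 }, lower = { 1 };   /* one pre-existing holder each */
    struct file *file = &upper;
    struct vma vma = { get_file(file) };        /* vma->vm_file = get_file(file) */

    if (stacked_mmap(&vma, &lower, restore))
        fput(aufs ? vma.vm_file : file);
    *upper_d = upper.refs - 1;
    *lower_d = lower.refs - 1;
}

/* Accessors so one counter can be checked at a time. */
int lower_delta(int aufs, int restore) { int u, l; mmap_region_error(aufs, restore, &u, &l); return l; }
int upper_delta(int aufs, int restore) { int u, l; mmap_region_error(aufs, restore, &u, &l); return u; }

int main(void)
{
    printf("upstream:       upper %+d lower %+d\n", upper_delta(0, 0), lower_delta(0, 0));
    printf("aufs vma_fput:  upper %+d lower %+d\n", upper_delta(1, 0), lower_delta(1, 0));
    printf("aufs + restore: upper %+d lower %+d\n", upper_delta(1, 1), lower_delta(1, 1));
    return 0;
}
```

In the model, only the combination of the unrestored vm_file and vma_fput() leaves the lower file one reference short and the original file one reference over; either the upstream local-variable fput() or restoring vm_file in the handler keeps both counts balanced.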

Vulnerable Product

linux linux kernel 5.0

linux linux kernel 5.3

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

Exploits

Tested on 19.10. Ubuntu's aufs kernel patch includes the following change (which I interestingly can't see in the AUFS code at github.com/sfjro/aufs5-linux/blob/master/mm/mmap.c): ================================================================== +#define vma_fput(vma) vma_do_fput(vma, __func__, __LINE__) [] @@ -1847,8 ...
Ubuntu suffers from an issue where ubuntu-aufs-modified mmap_region() breaks refcounting in overlayfs/shiftfs error path ...