Vulnerability Description
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 5.0 |
| Canonical | Ubuntu Linux | 18.04 |
Related Weaknesses (CWE)
References
- https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?Mailing ListPatchThird Party Advisory
- https://usn.ubuntu.com/usn/usn-4183-1Vendor Advisory
- https://usn.ubuntu.com/usn/usn-4184-1Vendor Advisory
- https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?Mailing ListPatchThird Party Advisory
- https://usn.ubuntu.com/usn/usn-4183-1Vendor Advisory
- https://usn.ubuntu.com/usn/usn-4184-1Vendor Advisory
FAQ
What is CVE-2019-15792?
CVE-2019-15792 is a vulnerability with a CVSS score of 7.1 (HIGH). In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resul...
How severe is CVE-2019-15792?
CVE-2019-15792 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15792?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux.