1. Home
  2. CVE Database
  3. CVE-2019-19319
MEDIUM · 6.5

CVE-2019-19319

In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xa...

Vulnerability Description

In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LinuxLinux Kernel5.0.21
OpensuseLeap15.1
RedhatEnterprise Linux7.0

Related Weaknesses (CWE)

CWE-416CWE-787

References

FAQ

What is CVE-2019-19319?

CVE-2019-19319 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xa...

How severe is CVE-2019-19319?

CVE-2019-19319 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19319?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Leap, Redhat Enterprise Linux.