PT-2019-4495 · Linux+1 · Linux Kernel+1

Publicado

2019-05-08

Atualizado

2025-09-29

CVE-2019-19815

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.0.21

Description The issue is related to a NULL pointer dereference in the f2fs recover fsync data function in the Linux kernel, specifically when mounting a crafted f2fs filesystem image. This is connected to F2FS P SB in fs/f2fs/f2fs.h. The vulnerability can be exploited to gain unauthorized access to protected information using a mounted f2fs filesystem image.

Recommendations For Linux kernel version 5.0.21, consider disabling the f2fs recover fsync data function as a temporary workaround until a patch is available. Restrict access to the f2fs filesystem to minimize the risk of exploitation. Avoid using crafted f2fs filesystem images until the issue is resolved.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2019-2120

ALT-PU-2019-2311

BDU:2020-00354

CVE-2019-19815

Produtos afetados

Alt Linux

Linux Kernel

PT-2019-4495 · Linux+1 · Linux Kernel+1

CVE-2019-19815

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 20