PT-2019-4500 · Linux+1 · Linux Kernel+1

Jann Horn

Publicado

2019-04-11

Atualizado

2025-09-29

CVE-2019-19927

CVSS v2.0

6.2

Média

Vetor

AV:L/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.0.0-rc7

Description The issue is related to a slab-out-of-bounds read access in the ttm put pages() function within the ttm module of the Linux kernel. This can occur when mounting a crafted f2fs filesystem image and performing certain operations. The vulnerability is associated with the vmwgfx or ttm module and can lead to a denial of service by executing commands in the mounted f2fs filesystem image.

Recommendations For Linux kernel version 5.0.0-rc7, consider disabling the ttm put pages() function as a temporary workaround until a patch is available. Restrict access to the vmwgfx and ttm modules to minimize the risk of exploitation. Avoid using the affected ttm module in the Linux kernel until the issue is resolved.

Exploit

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2020-00359

CVE-2019-19927

OPENSUSE-SU-2020:0336-1

OPENSUSE-SU-2020_0336-1

SUSE-SU-2020:0511-1

SUSE-SU-2020:0558-1

SUSE-SU-2020:0560-1

SUSE-SU-2020:0580-1

SUSE-SU-2020:0605-1

SUSE-SU-2020:0613-1

Produtos afetados

Linux Kernel

Suse

PT-2019-4500 · Linux+1 · Linux Kernel+1

CVE-2019-19927

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 434