PT-2019-4692 · Linux+6 · Linux Kernel+6
Jungyeon · Published: 2019-04-09 · Updated: 2025-09-29 · CVE-2019-19319
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.2
Description
The issue is related to a use-after-free in the ext4 xattr set entry function in fs/ext4/xattr.c, which can cause a slab-out-of-bounds write access. This can occur when a large old size value is used in a memset call after mounting a crafted ext4 image. The exploitation of this issue may allow a remote attacker to execute arbitrary code.
Recommendations
For Linux kernel versions prior to 5.2, update to version 5.2 or later to resolve the issue.
At the moment, there is no information about additional mitigation measures for this vulnerability.
Exploit
Fix
Memory Corruption
Use After Free
Affected products
Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu