PT-2019-4696 · Linux+3 · Linux Kernel+3

Publicado

2019-06-21

Atualizado

2025-09-29

CVE-2019-19318

CVSS v2.0

4.9

Média

Vetor

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.3.11

Description The issue is related to a use-after-free in the rwsem down write slowpath function, specifically in the rwsem can spin on owner function within kernel/locking/rwsem.c. This occurs when mounting a crafted btrfs image twice, causing rwsem owner flags to return an already freed pointer. The exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations For Linux kernel version 5.3.11, consider applying a patch that fixes the use-after-free issue in the rwsem down write slowpath function as a permanent solution. As a temporary workaround, restrict the mounting of crafted btrfs images to minimize the risk of exploitation.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2019-2120

ALT-PU-2019-2311

ALT-PU-2019-3180

ALT-PU-2019-3268

BDU:2020-01077

CVE-2019-19318

DLA-2586-1

OPENSUSE-SU-2020:0336-1

OPENSUSE-SU-2020_0336-1

SUSE-SU-2020:0511-1

SUSE-SU-2020:0558-1

SUSE-SU-2020:0559-1

SUSE-SU-2020:0560-1

SUSE-SU-2020:0580-1

SUSE-SU-2020:0584-1

SUSE-SU-2020:0599-1

SUSE-SU-2020:0605-1

SUSE-SU-2020:0613-1

SUSE-SU-2020:1663-1

SUSE-SU-2020_1663-1

USN-4414-1

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2019-4696 · Linux+3 · Linux Kernel+3

CVE-2019-19318

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 548