PT-2019-6466 · Linux+6 · Linux Kernel+6

Publicado

2019-11-07

·

Atualizado

2021-05-28

·

CVE-2019-19767

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.2
Description The issue is related to the mishandling of ext4 expand extra isize in the Linux kernel, which can lead to use-after-free errors in ext4 expand extra isize and ext4 xattr set entry. This is connected to the components fs/ext4/inode.c and fs/ext4/super.c. The vulnerability can be exploited by a remote attacker to cause a denial of service.
Recommendations For Linux kernel versions prior to 5.4.2, update to version 5.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected components fs/ext4/inode.c and fs/ext4/super.c to minimize the risk of exploitation.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALSA-2020:4431
ALT-PU-2019-3293
ALT-PU-2019-3343
ALT-PU-2019-3369
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2025-00844
CESA-2020_4060
CESA-2020_4431
CESA-2020_4609
CVE-2019-19767
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2020:0336-1
OPENSUSE-SU-2020_0336-1
RHSA-2020:2854
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020:4431
RHSA-2020:4609
RHSA-2020_4060
RHSA-2020_4062
RHSA-2020_4431
RHSA-2020_4609
SUSE-SU-2019:3381-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0511-1
SUSE-SU-2020:0559-1
SUSE-SU-2020:0560-1
SUSE-SU-2020:0580-1
SUSE-SU-2020:0584-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
USN-4258-1
USN-4284-1
USN-4287-1
USN-4287-2

Produtos afetados

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu