PT-2019-2630 · Gnome+7 · Gnome Gvfs+7

Malte Kraus

Published

2019-05-29

Updated

2024-06-15

CVE-2019-12448

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GNOME gvfs versions 1.29.4 through 1.41.2

Description The issue is caused by a race condition in the daemon/gvfsbackendadmin.c component of the GVFS subsystem in the GNOME desktop environment for Linux operating systems. This occurs due to concurrent execution using a shared resource with incorrect synchronization, allowing a remote attacker to potentially impact the integrity, confidentiality, and availability of protected information.

Recommendations For versions 1.29.4 through 1.41.2, consider disabling the admin backend functionality in daemon/gvfsbackendadmin.c as a temporary workaround until a patch is available. Restrict access to the vulnerable GVFS subsystem to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALSA-2020:1766

ALT-PU-2019-2363

ALT-PU-2019-2406

ALT-PU-2019-2783

BDU:2019-02515

CESA-2020_1766

CVE-2019-12448

MGASA-2019-0214

OPENSUSE-SU-2019:1697-1

OPENSUSE-SU-2019:1699-1

OPENSUSE-SU-2019_1697-1

OPENSUSE-SU-2019_1699-1

OPENSUSE-SU-2024:10838-1

RHSA-2020:1766

RHSA-2020_1766

RLSA-2020:1766

SUSE-SU-2019:1717-1

USN-4053-1

Affected Products

Alt Linux

Almalinux

Centos

Gnome Gvfs

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2019-2630 · Gnome+7 · Gnome Gvfs+7

CVE-2019-12448

Weakness Enumeration

Related Identifiers

Affected Products

References · 149