PT-2019-4483 · Linux · Linux Kernel

Published: 2019-06-21 · Updated: 2026-03-14 · CVE-2019-19449

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel version 5.0.21

Description

The issue is an out-of-bounds read (buffer over-read) in the Linux kernel, specifically in the functions f2fs_build_segment_manager and init_min_max_mtime in fs/f2fs/segment.c. It can be triggered by mounting a crafted f2fs filesystem image, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. The cause is that the second argument to the get_seg_entry function is not validated.

Recommendations

For Linux kernel version 5.0.21, consider disabling the f2fs_build_segment_manager function or restricting the mounting of f2fs filesystem images until a patch is available. Avoid using the init_min_max_mtime function in the affected kernel version to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2024_2394
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2019-2120
ALT-PU-2019-2311
BDU:2020-00303
CVE-2019-19449
ECHO-3EAF-FE63-EB16
USN-5120-1
USN-5136-1
USN-5137-1
USN-5137-2
USN-5343-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Ubuntu