PT-2019-4494 · Linux+2 · Linux Kernel+2

Published

2019-06-21

Updated

2026-05-26

CVE-2019-19814

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.0.21

Description The issue is related to the remove dirty segment function in the Linux kernel, which is vulnerable to a slab-out-of-bounds write access. This occurs when mounting a crafted f2fs filesystem image, allowing an attacker to cause a denial of service. The problem arises because an array is bounded by the number of dirty types (8), but the array index can exceed this.

Recommendations For Linux kernel version 5.0.21 and earlier, consider restricting access to the remove dirty segment function until a patch is available. As a temporary workaround, avoid using crafted f2fs filesystem images to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2019-2120

ALT-PU-2019-2311

BDU:2020-00353

CVE-2019-19814

ECHO-80DA-5A07-B637

Affected Products

Alt Linux

Debian

Linux Kernel

PT-2019-4494 · Linux+2 · Linux Kernel+2

CVE-2019-19814

Weakness Enumeration

Related Identifiers

Affected Products

References · 19