PT-2019-4495 · Linux+1 · Linux Kernel+1
Published: 2019-05-08 · Updated: 2025-09-29 · CVE-2019-19815
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel version 5.0.21
Description
The issue is related to a NULL pointer dereference in the f2fs_recover_fsync_data function in the Linux kernel, specifically when mounting a crafted f2fs filesystem image. This is connected to F2FS_P_SB in fs/f2fs/f2fs.h. The vulnerability can be exploited to gain unauthorized access to protected information using a mounted f2fs filesystem image.
Recommendations
For Linux kernel version 5.0.21, consider disabling the f2fs_recover_fsync_data function as a temporary workaround until a patch is available. Restrict access to the f2fs filesystem to minimize the risk of exploitation. Avoid using crafted f2fs filesystem images until the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linux Kernel