PT-2019-4500 · Linux+1 · Linux Kernel+1

Jann Horn

Published

2019-04-11

Updated

2025-09-29

CVE-2019-19927

CVSS v2.0

6.2

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.0.0-rc7

Description The issue is related to a slab-out-of-bounds read access in the ttm put pages() function within the ttm module of the Linux kernel. This can occur when mounting a crafted f2fs filesystem image and performing certain operations. The vulnerability is associated with the vmwgfx or ttm module and can lead to a denial of service by executing commands in the mounted f2fs filesystem image.

Recommendations For Linux kernel version 5.0.0-rc7, consider disabling the ttm put pages() function as a temporary workaround until a patch is available. Restrict access to the vmwgfx and ttm modules to minimize the risk of exploitation. Avoid using the affected ttm module in the Linux kernel until the issue is resolved.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2020-00359

CVE-2019-19927

OPENSUSE-SU-2020:0336-1

OPENSUSE-SU-2020_0336-1

SUSE-SU-2020:0511-1

SUSE-SU-2020:0558-1

SUSE-SU-2020:0560-1

SUSE-SU-2020:0580-1

SUSE-SU-2020:0605-1

SUSE-SU-2020:0613-1

Affected Products

Linux Kernel

Suse

PT-2019-4500 · Linux+1 · Linux Kernel+1

CVE-2019-19927

Weakness Enumeration

Related Identifiers

Affected Products

References · 434