PT-2019-4754 · Linux+1 · Linux Kernel+1

Jann Horn · Published 2019-11-12 · Updated 2020-05-01 · CVE-2019-15792

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 5.0 and 5.3

Description

The issue is related to a non-upstream patch in the Linux kernel, specifically in the shiftfs component. It involves a type conversion error: the shiftfs_btrfs_ioctl_fd_replace() function calls fdget(oldfd) and then passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data to a struct shiftfs_file_info *. Since private_data is not required to be a pointer, an attacker can exploit this to cause a denial of service or possibly execute arbitrary code.

Recommendations

For Linux kernel versions 5.0 and 5.3, consider disabling the shiftfs_btrfs_ioctl_fd_replace() function as a temporary workaround until a patch is available. Restrict access to the shiftfs_real_fdget() function to minimize the risk of exploitation. Avoid using the private_data variable in the affected kernel series until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
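The unchecked private_data cast from the description, modelled in userspace C beside a guarded form. This is an added example, not code from shiftfs or from this advisory; the simplified struct layouts, the names info_unchecked and info_checked, and the f_op comparison used as the guard are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: simplified stand-ins for the kernel types. */
struct file_operations { const char *name; };
struct file {
    const struct file_operations *f_op; /* identifies the owning filesystem */
    void *private_data;                 /* meaning is defined by that owner */
};
struct shiftfs_file_info { struct file *realfile; }; /* simplified layout */

static const struct file_operations shiftfs_fops = { "shiftfs" };
static const struct file_operations other_fops   = { "other" };

/* Pattern from the description: cast private_data with no owner check. */
struct shiftfs_file_info *info_unchecked(struct file *f)
{
    return (struct shiftfs_file_info *)f->private_data;
}

/* Guarded form (assumed mitigation): only trust private_data when the
 * file's operations table shows that shiftfs created it. */
struct shiftfs_file_info *info_checked(struct file *f)
{
    if (f == NULL || f->f_op != &shiftfs_fops)
        return NULL; /* caller should fail the ioctl, e.g. with -EINVAL */
    return (struct shiftfs_file_info *)f->private_data;
}

int main(void)
{
    struct file lower = { &other_fops, NULL };
    struct shiftfs_file_info info = { &lower };
    struct file shift = { &shiftfs_fops, &info };
    /* Constructed sample: a foreign file storing an integer cookie. */
    struct file foreign = { &other_fops, (void *)(uintptr_t)0x1234 };

    printf("unchecked(foreign) = %p (integer treated as a pointer)\n",
           (void *)info_unchecked(&foreign));
    printf("checked(foreign)   = %p\n", (void *)info_checked(&foreign));
    printf("checked(shiftfs)   = %p\n", (void *)info_checked(&shift));
    return 0;
}
```

The unchecked variant hands back whatever the foreign file stored in private_data as if it were a valid struct pointer, which is the condition the description calls out; the guarded variant rejects any file that shiftfs did not create.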

Exploit

DoS

Type Confusion

Weakness Enumeration

Related Identifiers

BDU:2020-01326
CVE-2019-15792
USN-4183-1
USN-4184-1

Affected Products

Linux Kernel
Ubuntu