CVE-2019-15794

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version Ubuntu kernel series 5.0 and 5.3

Description The issue is related to the Overlayfs and ShiftFS drivers in the Linux kernel, specifically with operations on a resource after its expiration or release. This can lead to a denial of service or potentially allow an attacker to execute arbitrary code. The problem arises when the vma->vm file is replaced in the mmap handlers, and on error, the original value is not restored, causing a reference to be put for the file to which vm file points. This results in a refcount underflow due to changes in the mmap region() function by the aufs patches, which replace fput() with vma fput().

Recommendations For Linux kernel versions prior to the fixed version, consider applying a patch to restore the original vma->vm file value on error in the mmap handlers. For Ubuntu kernel series 5.0 and 5.3, apply the available patch or update to a newer kernel series that includes the fix. As a temporary workaround, consider restricting access to the vulnerable mmap region() function until a patch is available.