PT-2020-2426 · Linux+2 · Linux Kernel+2
Rohit Keshri · Published 2020-05-09 · Updated 2026-03-14 · CVE-2019-20794
CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 4.18 through 5.6.11
Description
An issue in the Linux kernel allows a user to create their own PID namespace and mount a FUSE filesystem. If the userspace component is terminated via a kill of the PID namespace's pid 1, it results in a hung task and resources being permanently locked up until system reboot, leading to resource exhaustion. This issue is related to uncontrolled resource consumption in the FUSE filesystem implementation.
Recommendations
For Linux kernel versions 4.18 through 5.6.11, consider disabling the FUSE filesystem feature until a patch is available to prevent resource exhaustion.
As a temporary workaround, restrict the use of unprivileged user namespaces to minimize the risk of exploitation.
Avoid terminating the userspace component of the FUSE filesystem via a kill of the PID namespace's pid 1 to prevent hung tasks and resource lockup.
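A host check built from the version range and workarounds above, added here as an example and not taken from the advisory or the kernel project. The function names and the state labels are illustrative; the sysctl files it reads (`user.max_user_namespaces`, and `kernel.unprivileged_userns_clone` on Debian-derived kernels) are assumed to be the way user namespaces are restricted on the host.

```sh
#!/bin/sh
# Added example (not from the advisory): classify a host against the
# conditions this entry describes. Function names are illustrative.

# "5.4.0-42-generic" -> 5004000 (major*1e6 + minor*1e3 + patch), suffix dropped.
kver_to_int() {
    printf '%s\n' "${1%%[-+~_]*}" |
        awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# Affected range as stated on this page: 4.18 through 5.6.11, inclusive.
in_affected_range() {
    v=$(kver_to_int "$1")
    [ "$v" -ge "$(kver_to_int 4.18)" ] && [ "$v" -le "$(kver_to_int 5.6.11)" ]
}

# FUSE is usable if the device node exists or the module is loaded.
# $1 is an optional filesystem root, used only for testing.
fuse_present() {
    [ -e "${1:-}/dev/fuse" ] || [ -d "${1:-}/sys/module/fuse" ]
}

# User namespaces are restricted if user.max_user_namespaces is 0, or the
# Debian-specific kernel.unprivileged_userns_clone is 0.
userns_restricted() {
    sys=${1:-/proc/sys}
    for f in "$sys/user/max_user_namespaces" \
             "$sys/kernel/unprivileged_userns_clone"; do
        [ -r "$f" ] && [ "$(cat "$f")" = "0" ] && return 0
    done
    return 1
}

# Print one state for a kernel release string ($1) and optional root ($2).
assess() {
    root=${2:-}
    if ! in_affected_range "$1"; then echo "not-affected-range"
    elif ! fuse_present "$root"; then echo "fuse-absent"
    elif userns_restricted "$root/proc/sys"; then echo "userns-restricted"
    else echo "exposed"
    fi
}

echo "$(uname -r): $(assess "$(uname -r)")"
```

The version comparison reflects only the range printed on this page; distribution kernels may carry backported changes, so confirm the result against the vendor's own advisory.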
Exploit
Fix
Missing Release of Resource after Effective Lifetime
Resource Exhaustion
Related Identifiers
Affected Products
Alt Linux
Debian
Linux Kernel