// For flags

CVE-2019-19318

 

Severity Score

4.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,

En el kernel de Linux versión 5.3.11, montar una imagen btrfs especialmente diseñada dos veces puede causar un uso de la memoria previamente liberada de la función rwsem_down_write_slowpath porque (en la función rwsem_can_spin_on_owner en el archivo kernel/locking/rwsem.c) la función rwsem_owner_flags devuelve un puntero ya liberado.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-11-26 CVE Reserved
  • 2019-11-27 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-11-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-416: Use After Free
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Netapp
Search vendor "Netapp"
Aff A700s Firmware
Search vendor "Netapp" for product "Aff A700s Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
Aff A700s
Search vendor "Netapp" for product "Aff A700s"
--
Safe
Netapp
Search vendor "Netapp"
Fas8300 Firmware
Search vendor "Netapp" for product "Fas8300 Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
Fas8300
Search vendor "Netapp" for product "Fas8300"
--
Safe
Netapp
Search vendor "Netapp"
Fas8700 Firmware
Search vendor "Netapp" for product "Fas8700 Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
Fas8700
Search vendor "Netapp" for product "Fas8700"
--
Safe
Netapp
Search vendor "Netapp"
Aff A400 Firmware
Search vendor "Netapp" for product "Aff A400 Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
Aff A400
Search vendor "Netapp" for product "Aff A400"
--
Safe
Netapp
Search vendor "Netapp"
H610s Firmware
Search vendor "Netapp" for product "H610s Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
H610s
Search vendor "Netapp" for product "H610s"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
5.0.21
Search vendor "Linux" for product "Linux Kernel" and version "5.0.21"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
5.3.11
Search vendor "Linux" for product "Linux Kernel" and version "5.3.11"
-
Affected
Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
15.1
Search vendor "Opensuse" for product "Leap" and version "15.1"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
esm
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
18.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"
lts
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Netapp
Search vendor "Netapp"
Active Iq Unified Manager
Search vendor "Netapp" for product "Active Iq Unified Manager"
>= 9.5
Search vendor "Netapp" for product "Active Iq Unified Manager" and version " >= 9.5"
vmware_vsphere
Affected
Netapp
Search vendor "Netapp"
Data Availability Services
Search vendor "Netapp" for product "Data Availability Services"
--
Affected
Netapp
Search vendor "Netapp"
Hci Management Node
Search vendor "Netapp" for product "Hci Management Node"
--
Affected
Netapp
Search vendor "Netapp"
Solidfire
Search vendor "Netapp" for product "Solidfire"
--
Affected
Netapp
Search vendor "Netapp"
Steelstore Cloud Integrated Storage
Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage"
--
Affected