CVE-2019-19816
Ubuntu Security Notice USN-4709-1
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
En el kernel de Linux versión 5.0.21, montar una imagen del sistema de archivos btrfs especialmente diseñada y realizar algunas operaciones puede causar un acceso de escritura fuera de límites en la función __btrfs_map_block en el archivo fs/btrfs/volumes.c, porque un valor de 1 para el número de franjas de datos es mal manejado.
It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-16 CVE Reserved
- 2019-12-17 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20200103-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/4414-1 | 2023-01-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | Aff A700s Firmware Search vendor "Netapp" for product "Aff A700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Aff A700s Search vendor "Netapp" for product "Aff A700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Fas8300 Firmware Search vendor "Netapp" for product "Fas8300 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Fas8300 Search vendor "Netapp" for product "Fas8300" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Fas8700 Firmware Search vendor "Netapp" for product "Fas8700 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Fas8700 Search vendor "Netapp" for product "Fas8700" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Aff A400 Firmware Search vendor "Netapp" for product "Aff A400 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Aff A400 Search vendor "Netapp" for product "Aff A400" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H610s Firmware Search vendor "Netapp" for product "H610s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H610s Search vendor "Netapp" for product "H610s" | - | - |
Safe
|
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.12 < 4.4.247 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 4.4.247" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.247 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.247" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.210" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.19.137 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.137" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 5.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.2" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | >= 9.5 Search vendor "Netapp" for product "Active Iq Unified Manager" and version " >= 9.5" | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Availability Services Search vendor "Netapp" for product "Data Availability Services" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||