CVE-2019-19448

In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.

CVSS v3.0 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448	Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20200103-0001/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4578-1/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel:5.0.21:::::::*
	cpe:2.3:o:linux:linux_kernel:5.3.11:::::::*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

Configuration 4 (hide)

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:fas_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Information

Published : 2019-12-07 18:15

Updated : 2023-02-27 07:30

NVD link : CVE-2019-19448

Mitre link : CVE-2019-19448

JSON object : View

CWE

CWE-416

Use After Free

Products Affected

netapp

cloud_backup
h610s_firmware
active_iq_unified_manager
steelstore_cloud_integrated_storage
aff_a400_firmware
h610s
aff_8300
aff_8700_firmware
aff_8300_firmware
aff_8700
fas_a400
data_availability_services
fas_8300
solidfire
aff_a400
fas_a400_firmware
solidfire_baseboard_management_controller
solidfire_baseboard_management_controller_firmware
fas_8700_firmware
a700s
a700s_firmware
hci_management_node
fas_8300_firmware
fas_8700

canonical

ubuntu_linux

linux

linux_kernel

debian

debian_linux

7.8 /10