CVE-2019-11487Use After Free in Kernel

CWE-416Use After Free19 documents8 sources
Severity
7.8HIGHNVD
OSV4.6OSV3.3
EPSS
0.1%
top 70.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxCanonical Ubuntu Linux+1 more
Timeline
PublishedApr 23
Latest updateFeb 20

Description

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel4.54.9.181+5
Debianlinux/linux_kernel< 4.19.37-1+3
Ubuntulinux/linux_kernel< 4.4.0-165.193+2
debiandebian/linux< linux 4.19.37-1 (bookworm)

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04, 19.04

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

7
GHSA
GHSA-vrxc-79fp-6683: The Linux kernel before 52022-05-24
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities2019-10-01
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regression2019-09-11
OSV
linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities2019-09-02
OSV
linux-aws vulnerabilities2019-09-02

📋Vendor Advisories

8
Ubuntu
Linux kernel vulnerabilities2019-10-01
Ubuntu
Linux kernel regression2019-09-11
Ubuntu
Linux kernel (AWS) vulnerabilities2019-09-02
Ubuntu
Linux kernel vulnerabilities2019-09-02
Ubuntu
Linux kernel (HWE) vulnerabilities2019-08-01

📄Research Papers

1
arXiv
Programmable System Call Security with eBPF2023-02-20

💬Community

2
Bugzilla
CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free issues. [fedora-all]2019-04-25
Bugzilla
CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free issues.2019-04-25