CVE-2019-12448 — Race Condition in Gvfs

CWE-362 — Race Condition CWE-364 — Signal Handler Race Condition9 documents7 sources

Severity

8.1HIGHNVD

OSV7.3

EPSS

0.3%

top 45.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gvfs Debian Gvfs

Timeline

PublishedMay 29

Latest updateMay 24

Description

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

▶Debiangnome/gvfs< 1.38.1-4+3

▶Ubuntugnome/gvfs< 1.28.2-1ubuntu1~16.04.3+1

▶NVDgnome/gvfs1.29.4 — 1.41.2

▶debiandebian/gvfs< gvfs 1.38.1-4 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-x42r-3m27-mhv7: An issue was discovered in GNOME gvfs 1↗2022-05-24

▶

OSV

gvfs vulnerabilities↗2019-07-09

▶

OSV

CVE-2019-12448: An issue was discovered in GNOME gvfs 1↗2019-05-29

▶

📋Vendor Advisories

Ubuntu

GVfs vulnerabilities↗2019-07-09

▶

Red Hat

gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write↗2019-05-29

▶

Debian

CVE-2019-12448: gvfs - An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackenda...↗2019

▶

💬Community

Bugzilla

CVE-2019-12448 gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write↗2019-07-10

▶

Bugzilla

CVE-2019-12448 gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend doesn't implement query_info_on_read/write [fedora-all]↗2019-07-10

▶