Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-15791Operation on a Resource after Expiration or Release in Shiftfs IN THE Linux Kernel

CWE-672Operation on a Resource after Expiration or ReleaseCWE-191Integer Underflow (Wrap or Wraparound)CWE-400Uncontrolled Resource Consumption15 documents9 sources
Severity
7.8HIGHNVD
CNA7.1OSV6.5
EPSS
0.1%
top 67.57%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Ubuntu Shiftfs IN THE Linux KernelCanonical Ubuntu LinuxLinux Kernel
Timeline
PublishedApr 24
Latest updateMay 24

Description

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ubuntu/shiftfs_in_the_linux_kernel5.3.0-11.125.3 kernel*+1
NVDlinux/linux_kernel5.0, 5.3+1

Also affects: Ubuntu Linux 18.04, 19.04

Patches

Patch: git.launchpad.netPatch: git.launchpad.net

🔴Vulnerability Details

5
GHSA
GHSA-5fx5-7qgj-cmg7: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 52022-05-24
CVEList
Reference count underflow in shiftfs2020-04-23
OSV
linux, linux-hwe, linux-oem-osp1 vulnerability and regression2019-11-13
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2 vulnerabilities2019-11-13
OSV
CVE-2019-15791: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 52019-11-12

💥Exploits & PoCs

1
Exploit-DB
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs2019-11-20

📋Vendor Advisories

6
Ubuntu
Linux kernel vulnerability and regression2019-11-13
Ubuntu
Linux kernel vulnerabilities2019-11-13
Ubuntu
Linux kernel vulnerability2019-11-13
Ubuntu
Linux kernel vulnerabilities2019-11-13
Red Hat
kernel: reference count underflow was discovered in shiftfs implementation causing dos2019-11-01

💬Community

2
Bugzilla
CVE-2019-15791 kernel: reference count underflow was discovered in shiftfs implementation causing dos2020-02-11
Bugzilla
CVE-2019-15791 kernel: reference count underflow was discovered in shiftfs implementation causing dos [fedora-all]2020-02-11
CVE-2019-15791 — HIGH severity | cvebase