Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-15792 — Type Confusion in Shiftfs IN THE Linux Kernel
Severity
7.8HIGHNVD
CNA7.1OSV6.5
EPSS
0.2%
top 56.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedApr 24
Latest updateMay 24
Description
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages2 packages
Also affects: Ubuntu Linux 18.04, 19.04
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-rx63-pxf9-gqg8: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5↗2022-05-24
OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2 vulnerabilities↗2019-11-13
OSV▶
CVE-2019-15792: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5↗2019-11-12
💥Exploits & PoCs
1📋Vendor Advisories
5Debian▶
CVE-2019-15792: linux - In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 ...↗2019