CVE-2019-15793
published 2020-04-24CVE-2019-15793: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group…
PriorityP348high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
EXPLOIT
EPSS
0.69%
47.9th percentile
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | linux | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| ubuntu | shiftfs_in_the_linux_kernel | >= 5.0 kernel < 5.0.0-35.38 | 5.0.0-35.38 |
| ubuntu | shiftfs_in_the_linux_kernel | >= 5.3.0-11.12 < 5.3 kernel* | 5.3 kernel* |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian6.5LOW
vendor_ubuntu6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel vulnerability and regression
vendor_ubuntu·2019-11-13·CVSS 6.5
CVE-2019-0155 [MEDIUM] Linux kernel vulnerability and regression
Title: Linux kernel vulnerability and regression
Summary: Several issues were fixed in the Linux kernel.
USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered
that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command
Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the
update introduced a regression that broke KVM guests where extended
page tables (EPT) are disabled or not supported. This update addresses
both issues.
We apologize for the inconvenience.
Original advisory details:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo,
Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz
Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel
processors using Transactional Synchronizati
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2019-11-13·CVSS 6.5
CVE-2018-12207 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo,
Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz
Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel
processors using Transactional Synchronization Extensions (TSX) could
expose memory contents previously stored in microarchitectural buffers to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2019-11135)
It was discovered that the Intel i915 graphics chipsets allowed userspace
to modify page table entries via writes to MMIO from the Blitter Command
Streamer and expose kernel memory informat
Ubuntu
Linux kernel vulnerability
vendor_ubuntu·2019-11-13·CVSS 6.5
CVE-2019-0155 [MEDIUM] Linux kernel vulnerability
Title: Linux kernel vulnerability
Summary: Several security issues were fixed in the Linux kernel.
USN-4183-1 fixed vulnerabilities in the Linux kernel. It was
discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter
Command Streamer check) was incomplete on 64-bit Intel x86 systems.
This update addresses the issue.
We apologize for the inconvenience.
Original advisory details:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo,
Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz
Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel
processors using Transactional Synchronization Extensions (TSX) could
expose memory contents previously stored in microarchitectural buffers to a
malicious process that is executi
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2019-11-13·CVSS 6.5
CVE-2018-12207 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo,
Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz
Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel
processors using Transactional Synchronization Extensions (TSX) could
expose memory contents previously stored in microarchitectural buffers to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2019-11135)
It was discovered that the Intel i915 graphics chipsets allowed userspace
to modify page table entries via writes to MMIO from the Blitter Command
Streamer and expose kernel memory informat
Debian
CVE-2019-15793: linux - In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 ...
vendor_debian·2019·CVSS 6.5
CVE-2019-15793 [MEDIUM] CVE-2019-15793: linux - In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 ...
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-h5g7-x752-wjh8: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5
ghsa_unreviewed·2022-05-24
CVE-2019-15793 [MEDIUM] GHSA-h5g7-x752-wjh8: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
OSV
linux, linux-hwe, linux-oem-osp1 vulnerability and regression
osv·2019-11-13·CVSS 6.5
CVE-2019-0155 [MEDIUM] linux, linux-hwe, linux-oem-osp1 vulnerability and regression
linux, linux-hwe, linux-oem-osp1 vulnerability and regression
USN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered
that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command
Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the
update introduced a regression that broke KVM guests where extended
page tables (EPT) are disabled or not supported. This update addresses
both issues.
We apologize for the inconvenience.
Original advisory details:
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo,
Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz
Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel
processors using Transactional Synchronization Extensions (TSX) could
expose memory cont
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2 vulnerabilities
osv·2019-11-13·CVSS 6.5
[MEDIUM] linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2 vulnerabilities
linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-raspi2 vulnerabilities
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo,
Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz
Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel
processors using Transactional Synchronization Extensions (TSX) could
expose memory contents previously stored in microarchitectural buffers to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2019-11135)
It was discovered that the Intel i915 graphics chipsets allowed userspace
to modify page table entries via writes to MMIO from the Blitter Command
Stream
OSV
CVE-2019-15793: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5
osv·2019-11-12·CVSS 8.8
CVE-2019-15793 [HIGH] CVE-2019-15793: In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
No detection rules found.
No writeups or analysis indexed.
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bbhttps://usn.ubuntu.com/usn/usn-4183-1https://usn.ubuntu.com/usn/usn-4184-1https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bbhttps://usn.ubuntu.com/usn/usn-4183-1https://usn.ubuntu.com/usn/usn-4184-1
2020-04-24
Published