CVE-2019-19447
published 2019-12-08CVE-2019-19447: In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.4.6-1 (bookworm) | linux 5.4.6-1 (bookworm) |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 2.6.12 < 3.16.82 | 3.16.82 |
| linux | linux_kernel | >= 3.17 < 4.4.208 | 4.4.208 |
| linux | linux_kernel | >= 4.10 < 4.14.159 | 4.14.159 |
| linux | linux_kernel | >= 4.15 < 4.19.90 | 4.19.90 |
| linux | linux_kernel | >= 4.20 < 5.3.17 | 5.3.17 |
| linux | linux_kernel | >= 4.5.0 < 4.9.208 | 4.9.208 |
| linux | linux_kernel | >= 5.4 < 5.4.4 | 5.4.4 |
| netapp | hci_baseboard_management_controller | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH