CVE-2019-19447 — Use After Free in Kernel

CWE-416 — Use After Free8 documents7 sources

Severity

7.8HIGHNVD

EPSS

1.7%

top 17.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Netapp HCI Baseboard Management Controller

Timeline

PublishedDec 8

Latest updateMay 24

Description

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDlinux/linux_kernel2.6.12 — 3.16.82+6

▶Debianlinux/linux_kernel< 5.4.6-1+3

▶NVDnetapp/hci_baseboard_management_controllerh610s

🔴Vulnerability Details

GHSA

GHSA-jx5x-5x47-rh28: In the Linux kernel 5↗2022-05-24

▶

OSV

CVE-2019-19447: In the Linux kernel 5↗2019-12-08

▶

CVEList

CVE-2019-19447: In the Linux kernel 5↗2019-12-08

▶

📋Vendor Advisories

Red Hat

kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c↗2019-12-10

▶

Debian

CVE-2019-19447: linux - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing...↗2019

▶

💬Community

Bugzilla

CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c↗2019-12-10

▶

Bugzilla

CVE-2019-19447 kernel: CVE-2019-19447kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c [fed↗2019-12-10

▶