CVE-2019-19813
Published 2019-12-17
Priority P4 · 24 · medium · 5.5 CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 2.22% (80.3th percentile)
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 5.2.6-1 (bookworm) | linux 5.2.6-1 (bookworm) |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.2.6-1 | 5.2.6-1 |
| linux | linux_kernel | >= 0 < 5.2.6-1 | 5.2.6-1 |
| linux | linux_kernel | >= 0 < 5.2.6-1 | 5.2.6-1 |
| linux | linux_kernel | >= 0 < 5.2.6-1 | 5.2.6-1 |
| linux | linux_kernel | >= 0 < 4.4.0-201.233 | 4.4.0-201.233 |
| linux | linux_kernel | >= 0 < 4.15.0-109.110 | 4.15.0-109.110 |
| netapp | active_iq_unified_manager | >= 9.5 | — |
CVSS provenance
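| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |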
GHSA
GHSA-r82f-4c78-r455: In the Linux kernel 5
ghsa_unreviewed·2022-05-24
CVE-2019-19813 [HIGH] CWE-416 GHSA-r82f-4c78-r455: In the Linux kernel 5
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
OSV
linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
osv·2021-02-02·CVSS 5.5
CVE-2020-28374 [MEDIUM] linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An atta
OSV
linux, linux-lts-xenial vulnerabilities
osv·2021-01-28·CVSS 5.5
CVE-2018-13093 [MEDIUM] linux, linux-lts-xenial vulnerabilities
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19813,
CVE-2019-19816)
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly exe
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
osv·2020-07-06·CVSS 4.1
CVE-2019-16089 [MEDIUM] linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the network block device (nbd) implementation in the
Linux kernel did not properly check for error conditions in some
situations. An attacker could possibly use this to cause a denial of service
(system crash). (CVE-2019-16089)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19036,
CVE-2019-19318, CVE-2019-19813, CVE-2019-19816)
I
OSV
CVE-2019-19813: In the Linux kernel 5
osv·2019-12-17·CVSS 5.5
CVE-2019-19813 [MEDIUM] CVE-2019-19813: In the Linux kernel 5
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2021-02-02·CVSS 5.5
CVE-2020-28374 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system met
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2021-01-28·CVSS 5.5
CVE-2020-27777 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19813,
CVE-2019-19816)
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attack
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-07-06·CVSS 4.1
CVE-2019-19318 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the network block device (nbd) implementation in the
Linux kernel did not properly check for error conditions in some
situations. An attacker could possibly use this to cause a denial of service
(system crash). (CVE-2019-16089)
It was discovered that the btrfs file system implementation in the Linux
kernel did not properly validate file system metadata in some situations.
An attacker could use this to construct a malicious btrfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19036,
CVE-2019-19318, CVE-2019-19813, CVE-2019-19816)
It was discovered that the btrfs implementation in the Linux kernel did not
properly detect that a b
Red Hat
kernel: use-after-free in __mutex_lock in kernel/locking/mutex.c
vendor_redhat·2019-12-17·CVSS 5.5
CVE-2019-19813 [MEDIUM] CWE-416 kernel: use-after-free in __mutex_lock in kernel/locking/mutex.c
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-alt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise
Debian
CVE-2019-19813: linux - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performin...
vendor_debian·2019·CVSS 5.5
CVE-2019-19813 [MEDIUM] CVE-2019-19813: linux - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performin...
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
Scope: local
bookworm: resolved (fixed in 5.2.6-1)
bullseye: resolved (fixed in 5.2.6-1)
forky: resolved (fixed in 5.2.6-1)
sid: resolved (fixed in 5.2.6-1)
trixie: resolved (fixed in 5.2.6-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-19813 kernel: use-after-free in __mutex_lock in kernel/locking/mutex.c [fedora-all]
bugzilla·2019-12-18·CVSS 5.5
CVE-2019-19813 [MEDIUM] CVE-2019-19813 kernel: use-after-free in __mutex_lock in kernel/locking/mutex.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
Bugzilla
CVE-2019-19813 kernel: use-after-free in __mutex_lock in kernel/locking/mutex.c
bugzilla·2019-12-18·CVSS 5.5
CVE-2019-19813 [MEDIUM] CVE-2019-19813 kernel: use-after-free in __mutex_lock in kernel/locking/mutex.c
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
Reference:
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1784913]
---
For RHEL 8, BTRFS is not being used ("CONFIG_BTRFS_FS is not set"), so the bug is not applicable to RHEL 8.
Before Rhel8 this bug was not actual, because function mutex_can_
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
https://security.netapp.com/advisory/ntap-20200103-0001/
https://usn.ubuntu.com/4414-1/