CVE-2019-15794: Reference counting error in overlayfs/shiftfs error path when used in conjuction with aufs
First published: Thu Apr 23 2020(Updated: )
Last updated 18 February 2025
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | =5.0 | |
| Linux Kernel | =5.3 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =19.10 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
| Ubuntu | =18.04 | |
| Ubuntu | =19.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=270d16ae48a4dbf1c7e25e94cc3e38b4bea37635
- https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=ef81780548d20a786cc77ed4203fca146fd81ce3
- https://usn.ubuntu.com/usn/usn-4208-1
- https://usn.ubuntu.com/usn/usn-4209-1
- https://launchpad.net/bugs/cve/CVE-2019-15794
- https://bugs.launchpad.net/bugs/1850994
- https://security-tracker.debian.org/tracker/CVE-2019-15794
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15794
- https://nvd.nist.gov/vuln/detail/CVE-2019-15794
- https://ubuntu.com/security/CVE-2019-15794
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-15794.
What is the affected software?
The affected software includes the Linux kernel versions 5.0.0-1022.25 and 5.3.0-1008.9, as well as the Ubuntu 5.0 and 5.3 kernel series.
What is the impact of this vulnerability?
The vulnerability allows an attacker to overwrite arbitrary files in the underlying file system, potentially leading to privilege escalation or unauthorized access to sensitive information.
How do I fix CVE-2019-15794?
To fix CVE-2019-15794, it is recommended to update the affected software to the latest version provided by the Ubuntu or Linux kernel source.
Are there any references for this vulnerability?
Yes, you can find references for this vulnerability at the following URLs: [Reference 1](https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=270d16ae48a4dbf1c7e25e94cc3e38b4bea37635), [Reference 2](https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=ef81780548d20a786cc77ed4203fca146fd81ce3), [Reference 3](https://usn.ubuntu.com/usn/usn-4208-1)
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/title
- agent/severity
- agent/remedy
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/event
- collector/nvd-index
- agent/softwarecombine
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.0
- version/linux kernel/5.3
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/18.04
- version/ubuntu linux/19.10
- package-manager/debian
- canonical/ubuntu
- version/ubuntu/18.04
- version/ubuntu/19.10