CVE-2019-19447: Use After Free
First published: Sun Dec 08 2019(Updated: )
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
| redhat/kernel-alt | <0:4.14.0-115.21.2.el7a | 0:4.14.0-115.21.2.el7a |
| redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
| redhat/kernel | <0:3.10.0-693.81.1.el7 | 0:3.10.0-693.81.1.el7 |
| redhat/kernel | <0:3.10.0-957.65.1.el7 | 0:3.10.0-957.65.1.el7 |
| redhat/kernel | <0:3.10.0-1062.40.1.el7 | 0:3.10.0-1062.40.1.el7 |
| redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
| redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
| Linux Linux kernel | >=2.6.12<3.16.82 | |
| Linux Linux kernel | >=3.17<4.4.208 | |
| Linux Linux kernel | >=4.5.0<4.9.208 | |
| Linux Linux kernel | >=4.10<4.14.159 | |
| Linux Linux kernel | >=4.15<4.19.90 | |
| Linux Linux kernel | >=4.20<5.3.17 | |
| Linux Linux kernel | >=5.4<5.4.4 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Cloud Backup | ||
| Netapp Data Availability Services | ||
| Netapp Hci Baseboard Management Controller | =h610s | |
| Netapp Steelstore Cloud Integrated Storage | ||
| Netapp Solidfire Baseboard Management Controller |
Remedy
Ext4 filesytems are built into the kernel so it is not possible to prevent the kernel module from loading. However, this flaw can be prevented by disallowing mounting of untrusted filesystems. As mounting is a privileged operation, (except for device hotplug) removing the ability for mounting and unmounting will prevent this flaw from being exploited.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://bugzilla.kernel.org/show_bug.cgi?id=205433
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1781680
- https://access.redhat.com/errata/RHSA-2020:2104
- https://access.redhat.com/security/cve/cve-2019-19447
- https://access.redhat.com/errata/RHSA-2020:4062
- https://access.redhat.com/errata/RHSA-2020:4060
- https://access.redhat.com/errata/RHSA-2020:4431
- https://access.redhat.com/errata/RHSA-2020:4609
- https://access.redhat.com/errata/RHSA-2020:5206
- https://access.redhat.com/errata/RHSA-2020:5430
- https://access.redhat.com/errata/RHSA-2020:5656
- https://bugzilla.redhat.com/show_bug.cgi?id=1781679
- https://www.cve.org/CVERecord?id=CVE-2019-19447 https://nvd.nist.gov/vuln/detail/CVE-2019-19447 https://bugzilla.kernel.org/show_bug.cgi?id=205433 https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2019-19447?
CVE-2019-19447 is a vulnerability in the Linux kernel's ext4_unlink function that allows an attacker to corrupt memory or escalate privileges when deleting a file from a specially crafted ext4 filesystem.
How severe is CVE-2019-19447?
CVE-2019-19447 has a severity rating of 7.8, which is considered high.
Which software versions are affected by CVE-2019-19447?
CVE-2019-19447 affects Linux kernel versions 5.0.21 and earlier.
How can I fix CVE-2019-19447?
To fix CVE-2019-19447, you should update your affected Linux kernel to version 5.0.22 or later.
Are there any references for CVE-2019-19447?
Yes, you can find more information about CVE-2019-19447 on the following links: [link1](https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447), [link2](https://bugzilla.kernel.org/show_bug.cgi?id=205433), [link3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1781680).
- collector/redhat-cve
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/severity
- agent/references
- agent/remedy
- agent/weakness
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-19447
- agent/last-modified-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.12
- version/linux linux kernel/3.17
- version/linux linux kernel/4.5.0
- version/linux linux kernel/4.10
- version/linux linux kernel/4.15
- version/linux linux kernel/4.20
- version/linux linux kernel/5.4
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp data availability services
- canonical/netapp hci baseboard management controller
- version/netapp hci baseboard management controller/h610s
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp solidfire baseboard management controller