In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
References
Link | Resource |
---|---|
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200103-0001/ | Third Party Advisory |
https://usn.ubuntu.com/4578-1/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
History
03 Oct 2023, 15:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:* |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
27 Feb 2023, 15:30
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp a700s Firmware
Canonical Debian Netapp cloud Backup Netapp solidfire Baseboard Management Controller Canonical ubuntu Linux Netapp aff 8300 Firmware Netapp fas 8300 Firmware Netapp aff A400 Firmware Netapp h610s Netapp fas A400 Firmware Netapp fas A400 Netapp h610s Firmware Netapp steelstore Cloud Integrated Storage Netapp active Iq Unified Manager Netapp solidfire Baseboard Management Controller Firmware Netapp fas 8700 Firmware Netapp a700s Netapp Netapp solidfire Netapp fas 8300 Netapp fas 8700 Netapp aff A400 Netapp hci Management Node Netapp aff 8300 Netapp aff 8700 Debian debian Linux Netapp data Availability Services Netapp aff 8700 Firmware |
|
CPE | cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:fas_a400_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:* |
|
References | (UBUNTU) https://usn.ubuntu.com/4578-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200103-0001/ - Third Party Advisory |
Information
Published : 2019-12-08 02:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-19448
Mitre link : CVE-2019-19448
CVE.ORG link : CVE-2019-19448
JSON object : View
Products Affected
netapp
- a700s_firmware
- aff_a400
- fas_8300_firmware
- solidfire_baseboard_management_controller
- cloud_backup
- fas_8700_firmware
- data_availability_services
- steelstore_cloud_integrated_storage
- fas_a400
- hci_management_node
- solidfire
- fas_a400_firmware
- h610s
- fas_8700
- aff_8300
- aff_8700_firmware
- a700s
- aff_8700
- fas_8300
- aff_8300_firmware
- solidfire_baseboard_management_controller_firmware
- active_iq_unified_manager
- aff_a400_firmware
- h610s_firmware
linux
- linux_kernel
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-416
Use After Free