Home

CVE-2019-15791

Description

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.13

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel (0059-1) linux-image-aws_5.3.0.1007.9_amd64.debLinux
Linux kernel (0059-1) linux-image-gcp_5.3.0.1008.9_amd64.debLinux
Linux kernel (0059-1) linux-image-gke_5.3.0.1008.9_amd64.debLinux
Linux kernel (0059-1) linux-image-kvm_5.3.0.1007.9_amd64.debLinux
Linux kernel (0059-1) linux-image-azure_5.3.0.1007.25_amd64.debLinux
Linux kernel (0059-1) linux-image-oracle_5.3.0.1006.7_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-1007-aws_5.3.0-1007.8_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-1007-kvm_5.3.0-1007.8_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-1008-gcp_5.3.0-1008.9_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-1007-azure_5.3.0-1007.8_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-22-generic_5.3.0-22.24_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-1006-oracle_5.3.0-1006.7_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-22-lowlatency_5.3.0-22.24_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-aws_5.0.0.1021.23_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-gcp_5.0.0.1025.29_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-gcp_5.0.0.1025.50_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-gke_5.0.0.1025.50_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-kvm_5.0.0.1022.23_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-azure_5.0.0.1025.25_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-azure_5.0.0.1025.36_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-oracle_5.0.0.1007.33_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-gke-5.0_5.0.0.1025.14_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1021-aws_5.0.0-1021.24_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1022-kvm_5.0.0-1022.24_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1025-gcp_5.0.0-1025.26_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1025-gcp_5.0.0-1025.26~18.04.1_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1025-azure_5.0.0-1025.27_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1025-azure_5.0.0-1025.27~18.04.1_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-generic_5.0.0-35.38_i386.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-generic_5.0.0-35.38_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-generic_5.0.0-35.38~18.04.1_i386.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-generic_5.0.0-35.38~18.04.1_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1007-oracle_5.0.0-1007.12_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1027-oem-osp1_5.0.0-1027.31_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-lowlatency_5.0.0-35.38_i386.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-lowlatency_5.0.0-35.38_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-lowlatency_5.0.0-35.38~18.04.1_i386.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-lowlatency_5.0.0-35.38~18.04.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234