Home

CVE-2019-15792

Description

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a struct shiftfs_file_info *. As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.214

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel (0059-1) linux-image-aws_5.3.0.1007.9_amd64.debLinux
Linux kernel (0059-1) linux-image-gcp_5.3.0.1008.9_amd64.debLinux
Linux kernel (0059-1) linux-image-gke_5.3.0.1008.9_amd64.debLinux
Linux kernel (0059-1) linux-image-kvm_5.3.0.1007.9_amd64.debLinux
Linux kernel (0059-1) linux-image-azure_5.3.0.1007.25_amd64.debLinux
Linux kernel (0059-1) linux-image-oracle_5.3.0.1006.7_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-1007-aws_5.3.0-1007.8_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-1007-kvm_5.3.0-1007.8_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-1008-gcp_5.3.0-1008.9_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-1007-azure_5.3.0-1007.8_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-22-generic_5.3.0-22.24_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-1006-oracle_5.3.0-1006.7_amd64.debLinux
Linux kernel (0059-1) linux-image-5.3.0-22-lowlatency_5.3.0-22.24_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-aws_5.0.0.1021.23_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-gcp_5.0.0.1025.29_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-gcp_5.0.0.1025.50_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-gke_5.0.0.1025.50_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-kvm_5.0.0.1022.23_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-azure_5.0.0.1025.25_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-azure_5.0.0.1025.36_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-oracle_5.0.0.1007.33_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-gke-5.0_5.0.0.1025.14_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1021-aws_5.0.0-1021.24_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1022-kvm_5.0.0-1022.24_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1025-gcp_5.0.0-1025.26_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1025-gcp_5.0.0-1025.26~18.04.1_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1025-gke_5.0.0-1025.26~18.04.1_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1025-azure_5.0.0-1025.27_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1025-azure_5.0.0-1025.27~18.04.1_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-generic_5.0.0-35.38_i386.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-generic_5.0.0-35.38_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-generic_5.0.0-35.38~18.04.1_i386.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-generic_5.0.0-35.38~18.04.1_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1007-oracle_5.0.0-1007.12_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-1027-oem-osp1_5.0.0-1027.31_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-lowlatency_5.0.0-35.38_i386.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-lowlatency_5.0.0-35.38_amd64.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-lowlatency_5.0.0-35.38~18.04.1_i386.debLinux
Linux kernel (USN-4184-1) linux-image-5.0.0-35-lowlatency_5.0.0-35.38~18.04.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234