CVE-2019-19319
Description
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.436
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2020:0093-1 (SUSE Linux Enterprise Server 12-SP5) kernel-azure-4.12.14-16.7.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0093-1 (SUSE Linux Enterprise Server 12-SP5) kernel-azure-base-4.12.14-16.7.1.x86_64.rpm | Linux |
| Linux kernel (USN-4391-1) linux-image-aws_4.4.0.1109.113_amd64.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-kvm_4.4.0.1075.73_amd64.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-generic_4.4.0.184.190_i386.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-generic_4.4.0.184.190_amd64.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-virtual_4.4.0.184.190_i386.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-virtual_4.4.0.184.190_amd64.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-lowlatency_4.4.0.184.190_i386.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-lowlatency_4.4.0.184.190_amd64.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-4.4.0-1075-kvm_4.4.0-1075.82_amd64.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-4.4.0-1109-aws_4.4.0-1109.120_amd64.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-4.4.0-184-generic_4.4.0-184.214_i386.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-4.4.0-184-generic_4.4.0-184.214_amd64.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-4.4.0-184-lowlatency_4.4.0-184.214_i386.deb | Linux |
| Linux kernel (USN-4391-1) linux-image-4.4.0-184-lowlatency_4.4.0-184.214_amd64.deb | Linux |
| kernel Security Update (ALAS-2020-1431) kernel-livepatch-4.14.181-140.257-1.0-0.amzn2.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234