CVE-2019-19378 - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds

CVE-2019-19378

Summary

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.

References

https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378
https://security.netapp.com/advisory/ntap-20200103-0001/

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.0.21:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 03-01-2020 - 11:15)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20200103-0001/
misc	https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378

Last major update

03-01-2020 - 11:15

Published

29-11-2019 - 17:15

Last modified

03-01-2020 - 11:15