CVE-2019-19377
HIGH
7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
6,8
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0039
Percentile
0,6th
Updated
EPSS Score Trend (Last 90 Days)
416
Use After Free
StableCommon Consequences
Security Scopes Affected:
Integrity
Availability
Confidentiality
Potential Impacts:
Modify Memory
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Hardware
Solidfire Baseboard Management Controller by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Active Iq Unified Manager by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
4.20
(inclusive)
To
5.4.33
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Cloud Backup by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
5.6
(inclusive)
To
5.6.5
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
5.5.0
(inclusive)
To
5.5.18
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Steelstore Cloud Integrated Storage by Netapp
CPE Identifier
View Detailed Analysis
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Linux Kernel by Linux
Version Range Affected
From
2.6.12
(inclusive)
To
4.19.156
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
https://security.netapp.com/advisory/ntap-20200103-0001/
https://usn.ubuntu.com/4367-1/
https://usn.ubuntu.com/4369-1/
https://usn.ubuntu.com/4414-1/
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
https://security.netapp.com/advisory/ntap-20200103-0001/
https://usn.ubuntu.com/4367-1/
https://usn.ubuntu.com/4369-1/
https://usn.ubuntu.com/4414-1/