CVE-2019-19449

Advisory lineage Upstream: 0 Downstream: 7

Downstream

DEBIAN-CVE-2019-19449 UBUNTU-CVE-2019-19449 USN-5120-1 USN-5136-1 USN-5137-1 USN-5137-2

Modified

Published: 08 Dec 2019, 01:14

Last modified:05 Aug 2024, 02:16

Vulnerability Summary

Overall Risk (default)

medium

41/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.35% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

08 Dec 2019, 01:14

Published

Vulnerability first disclosed

05 Aug 2024, 02:16

Last Modified

Vulnerability information updated

Description

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.35%• Percentile: 58%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux_kernel
5.0.21