CVE-2019-19816
Advisory lineage: Upstream: 0, Downstream: 8
Modified
Published: 17 Dec 2019, 05:58
Last modified: 05 Aug 2024, 02:25
Vulnerability Summary
- Overall Risk (default): high, 70/100
- CVSS Score: 9.3 HIGH, v2.0 (nvd)
- EPSS Score: 1.15% LOW, 1% probability +0.90%
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 1 found
- Dark Web: Not detected
Timeline
- 17 Dec 2019, 05:58: Published. Vulnerability first disclosed
- 05 Aug 2024, 02:25: Last Modified. Vulnerability information updated
Description
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
CVSS Metrics
- v3.1 • HIGH • Score: 7.8 • CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- v2.0 • HIGH • Score: 9.3 • AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 1.15% • Percentile: 79%
Techniques & Countermeasures
- CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Affected Systems
- canonical•ubuntu_linux
14.04 | 16.04 | 18.04
- debian•debian_linux
9.0
- linux•linux_kernel
≥ 2.6.12, < 4.4.247 | ≥ 4.5, < 4.9.247 | ≥ 4.10, < 4.14.210 | ≥ 4.15, < 4.19.137 | ≥ 4.20, < 5.2
- netapp•active_iq_unified_manager
≥ 9.5
- netapp•aff_a400_firmware
na
- netapp•aff_a700s
na
- netapp•data_availability_services
na
- netapp•fas8300_firmware
na
- netapp•fas8700_firmware
na
- netapp•h610s_firmware
na
- netapp•hci_management_node
na
- netapp•solidfire
na
- netapp•steelstore_cloud_integrated_storage
na
References (6)
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://usn.ubuntu.com/4414-1/
- https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html