UBUNTU-CVE-2019-15794

Advisory lineage Upstream: 1 Downstream: 2
Upstream
CVE-2019-15794
Published: 08 Nov 2019, 00:00
Last modified:03 Jun 2026, 22:04

Vulnerability Summary

Overall Risk (default)
medium
27/100
CVSS Score
6.7 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

08 Nov 2019, 00:00
Published
Vulnerability first disclosed
03 Jun 2026, 22:04
Last Modified
Vulnerability information updated

Description

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.

CVSS Metrics

  • v3.1MEDIUMScore: 6.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Systems

  • ubuntulinux

    all | all | all | all

  • ubuntulinux-aws

    all | all | all | all

  • ubuntulinux-aws-5.0

    < 5.0.0-1022.25~18.04.1

  • ubuntulinux-aws-5.15

    all

  • ubuntulinux-aws-6.14

    all

  • ubuntulinux-aws-6.17

    all

  • ubuntulinux-aws-6.8

    all

  • ubuntulinux-aws-fips

    all

  • ubuntulinux-azure

    < 5.0.0-1027.29~18.04.1 | all | all | all | all

  • ubuntulinux-azure-5.15

    all

  • ubuntulinux-azure-5.3

    < 5.3.0-1008.9~18.04.1

  • ubuntulinux-azure-6.11

    all

  • ubuntulinux-azure-6.14

    all

  • ubuntulinux-azure-6.17

    all

  • ubuntulinux-azure-6.8

    all

  • ubuntulinux-azure-edge

    all

  • ubuntulinux-azure-fde

    all | all | all | all | all

  • ubuntulinux-azure-fde-6.14

    all

  • ubuntulinux-azure-fde-6.17

    all

  • ubuntulinux-azure-fde-6.8

    all

  • ubuntulinux-azure-fips

    all

  • ubuntulinux-azure-nvidia

    all

  • ubuntulinux-azure-nvidia-6.14

    all

  • ubuntulinux-bluefield

    all | all

  • ubuntulinux-fips

    all

  • ubuntulinux-gcp

    < 5.0.0-1026.27~18.04.1 | all | all | all | all

  • ubuntulinux-gcp-5.15

    all

  • ubuntulinux-gcp-5.3

    < 5.3.0-1009.10~18.04.1

  • ubuntulinux-gcp-6.11

    all

  • ubuntulinux-gcp-6.14

    all

  • ubuntulinux-gcp-6.17

    all

  • ubuntulinux-gcp-6.8

    all

  • ubuntulinux-gcp-edge

    all

  • ubuntulinux-gcp-fips

    all

  • ubuntulinux-gke

    all | all | all

  • ubuntulinux-gke-5.0

    < 5.0.0-1026.27~18.04.2

  • ubuntulinux-gkeop

    all | all | all

  • ubuntulinux-gkeop-5.15

    all

  • ubuntulinux-hwe

    < 5.0.0-37.40~18.04.1

  • ubuntulinux-hwe-5.15

    all

  • ubuntulinux-hwe-6.11

    all

  • ubuntulinux-hwe-6.14

    all

  • ubuntulinux-hwe-6.17

    all

  • ubuntulinux-hwe-6.8

    all

  • ubuntulinux-hwe-edge

    all | all

  • ubuntulinux-ibm

    all | all | all

  • ubuntulinux-ibm-5.15

    all

  • ubuntulinux-ibm-6.8

    all

  • ubuntulinux-intel

    all

  • ubuntulinux-intel-iot-realtime

    all | all | all

Showing first 50 affected entries in server-rendered view.

References (4)