UBUNTU-CVE-2019-19449

Advisory lineage Upstream: 1 Downstream: 5
Upstream
CVE-2019-19449
Published: 08 Dec 2019, 02:15
Last modified:03 Jun 2026, 13:33

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

08 Dec 2019, 02:15
Published
Vulnerability first disclosed
03 Jun 2026, 13:33
Last Modified
Vulnerability information updated

Description

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Systems

  • ubuntulinux

    all | < 4.4.0-222.255 | < 4.15.0-162.170 | < 5.4.0-90.101

  • ubuntulinux-aws

    < 4.4.0-1102.107 | < 4.4.0-1138.152 | < 4.15.0-1115.122 | < 5.4.0-1059.62

  • ubuntulinux-aws-5.0

    all

  • ubuntulinux-aws-5.3

    all

  • ubuntulinux-aws-5.4

    < 5.4.0-1059.62~18.04.1

  • ubuntulinux-aws-5.8

    all

  • ubuntulinux-aws-fips

    < 4.15.0-2056.58 | all | < 5.4.0-1069.73+fips2

  • ubuntulinux-aws-hwe

    < 4.15.0-1115.122~16.04.1

  • ubuntulinux-azure

    < 4.15.0-1126.139~14.04.1 | < 4.15.0-1126.139~16.04.1 | all | < 5.4.0-1063.66

  • ubuntulinux-azure-4.15

    < 4.15.0-1126.139

  • ubuntulinux-azure-5.3

    all

  • ubuntulinux-azure-5.4

    < 5.4.0-1063.66~18.04.1

  • ubuntulinux-azure-5.8

    < 5.8.0-1043.46~20.04.1

  • ubuntulinux-azure-edge

    all

  • ubuntulinux-azure-fde-5.15

    all

  • ubuntulinux-azure-fips

    < 4.15.0-2038.42 | all | < 5.4.0-1073.76+fips1

  • ubuntulinux-bluefield

    < 5.4.0-1021.24 | all

  • ubuntulinux-dell300x

    < 4.15.0-1030.35

  • ubuntulinux-fips

    < 4.4.0-1072.78 | all | < 4.15.0-1072.81 | < 5.4.0-1036.42

  • ubuntulinux-gcp

    < 4.15.0-1111.125~16.04.1 | all | < 5.4.0-1057.61

  • ubuntulinux-gcp-4.15

    < 4.15.0-1111.125

  • ubuntulinux-gcp-5.3

    all

  • ubuntulinux-gcp-5.4

    < 5.4.0-1057.61~18.04.1

  • ubuntulinux-gcp-5.8

    all

  • ubuntulinux-gcp-edge

    all

  • ubuntulinux-gcp-fips

    < 4.15.0-2021.23 | all | < 5.4.0-1067.71~20.04.1

  • ubuntulinux-gke

    < 5.4.0-1055.58

  • ubuntulinux-gke-4.15

    all

  • ubuntulinux-gke-5.4

    < 5.4.0-1055.58~18.04.1

  • ubuntulinux-gkeop

    < 5.4.0-1026.27

  • ubuntulinux-gkeop-5.4

    < 5.4.0-1026.27~18.04.1

  • ubuntulinux-hwe

    < 4.15.0-162.170~16.04.1 | all

  • ubuntulinux-hwe-5.4

    < 5.4.0-90.101~18.04.1

  • ubuntulinux-hwe-5.8

    all

  • ubuntulinux-hwe-edge

    all | all

  • ubuntulinux-ibm

    < 5.4.0-1007.8

  • ubuntulinux-intel-iot-realtime

    all

  • ubuntulinux-kvm

    < 4.4.0-1103.112 | < 4.15.0-1102.104 | < 5.4.0-1049.51

  • ubuntulinux-lts-xenial

    < 4.4.0-222.255~14.04.1

  • ubuntulinux-nvidia

    all

  • ubuntulinux-oem

    all

  • ubuntulinux-oem-5.6

    all

  • ubuntulinux-oracle

    < 4.15.0-1083.91~16.04.1 | < 4.15.0-1083.91 | < 5.4.0-1057.61

  • ubuntulinux-oracle-5.0

    all

  • ubuntulinux-oracle-5.3

    all

  • ubuntulinux-oracle-5.4

    < 5.4.0-1057.61~18.04.1

  • ubuntulinux-oracle-5.8

    all

  • ubuntulinux-raspi

    < 5.4.0-1046.50

  • ubuntulinux-raspi-5.4

    < 5.4.0-1046.50~18.04.1

  • ubuntulinux-raspi-realtime

    all

Showing first 50 affected entries in server-rendered view.

References (8)