1. Home
  2. Vulnerabilities
  3. CVE-2019-11487

CVE-2019-11487

CVSS v3.1 7.8 (High)
78% Progress
CVSS v2.0 7.2 (High)
72% Progress
EPSS 0.16 % (53th)
0.16% Progress
Affected Products 3
Advisories 36
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2019-04-23 22:29:05
(5 years ago)
Updated Date
2023-02-24 18:43:05
(19 months ago)

Affected Products

Canonical

Debian

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 4.4.216 version cpe:2.3:o:linux:linux_kernel < 4.4.216
  Linux Kernel from 4.5 version and prior 4.9.181 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.181
  Linux Kernel from 4.10 version and prior 4.14.116 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.14.116
  Linux Kernel from 4.15 version and prior 4.19.39 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.19.39
  Linux Kernel from 4.20 version and prior 5.0.12 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.0.12
  Linux Kernel 5.1 Rc1 cpe:2.3:o:linux:linux_kernel:5.1:rc1
  Linux Kernel 5.1 Rc2 cpe:2.3:o:linux:linux_kernel:5.1:rc2
  Linux Kernel 5.1 Rc3 cpe:2.3:o:linux:linux_kernel:5.1:rc3
  Linux Kernel 5.1 Rc4 cpe:2.3:o:linux:linux_kernel:5.1:rc4

Configuration #2

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0

Configuration #3

    CPE23 From Up To
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.04 cpe:2.3:o:canonical:ubuntu_linux:19.04