CVE-2019-15538

CVSS v3.1 7.5 (High)

CVSS v2.0 7.8 (High)

EPSS 2.52 % (90^th)

Affected Products 28

Advisories 28

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.

Weaknesses

CWE-400: Uncontrolled Resource Consumption

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-08-25 16:15:11
(5 years ago)
Updated Date: 2023-11-07 03:05:29
(10 months ago)

Affected Products

Netapp

Opensuse

Leap

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.7 version and prior 4.9.191 version	cpe:2.3:o:linux:linux_kernel	>= 4.7	< 4.9.191
Linux Kernel from 4.14 version and prior 4.14.141 version	cpe:2.3:o:linux:linux_kernel	>= 4.14	< 4.14.141
Linux Kernel from 4.19 version and prior 4.19.69 version	cpe:2.3:o:linux:linux_kernel	>= 4.19	< 4.19.69
Linux Kernel from 5.2 version and prior 5.2.11 version	cpe:2.3:o:linux:linux_kernel	>= 5.2	< 5.2.11
Linux Kernel 5.3	cpe:2.3:o:linux:linux_kernel:5.3:-
Linux Kernel 5.3 Rc1	cpe:2.3:o:linux:linux_kernel:5.3:rc1
Linux Kernel 5.3 Rc2	cpe:2.3:o:linux:linux_kernel:5.3:rc2
Linux Kernel 5.3 Rc3	cpe:2.3:o:linux:linux_kernel:5.3:rc3
Linux Kernel 5.3 Rc4	cpe:2.3:o:linux:linux_kernel:5.3:rc4
Linux Kernel 5.3 Rc5	cpe:2.3:o:linux:linux_kernel:5.3:rc5
Linux Kernel 5.3 Rc6	cpe:2.3:o:linux:linux_kernel:5.3:rc6

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.04	cpe:2.3:o:canonical:ubuntu_linux:19.04

Configuration #3

		CPE23	From	Up To
	Netapp Data Availability Services	cpe:2.3:a:netapp:data_availability_services:-
	Netapp Hci Management Node	cpe:2.3:a:netapp:hci_management_node:-
	Netapp Solidfire	cpe:2.3:a:netapp:solidfire:-

Configuration #4

AND

		CPE23
OR
	Netapp Aff A700s Firmware	cpe:2.3:o:netapp:aff_a700s_firmware:-
OR
	Running on/with
	Netapp Aff A700s	cpe:2.3:h:netapp:aff_a700s:-

Configuration #5

AND

		CPE23
OR
	Netapp H300s Firmware	cpe:2.3:o:netapp:h300s_firmware:-
OR
	Running on/with
	Netapp H300s	cpe:2.3:h:netapp:h300s:-

Configuration #6

AND

		CPE23
OR
	Netapp H500s Firmware	cpe:2.3:o:netapp:h500s_firmware:-
OR
	Running on/with
	Netapp H500s	cpe:2.3:h:netapp:h500s:-

Configuration #7

AND

		CPE23
OR
	Netapp H700s Firmware	cpe:2.3:o:netapp:h700s_firmware:-
OR
	Running on/with
	Netapp H700s	cpe:2.3:h:netapp:h700s:-

Configuration #8

AND

		CPE23
OR
	Netapp H300e Firmware	cpe:2.3:o:netapp:h300e_firmware:-
OR
	Running on/with
	Netapp H300e	cpe:2.3:h:netapp:h300e:-

Configuration #9

AND

		CPE23
OR
	Netapp H500e Firmware	cpe:2.3:o:netapp:h500e_firmware:-
OR
	Running on/with
	Netapp H500e	cpe:2.3:h:netapp:h500e:-

Configuration #10

AND

		CPE23
OR
	Netapp H700e Firmware	cpe:2.3:o:netapp:h700e_firmware:-
OR
	Running on/with
	Netapp H700e	cpe:2.3:h:netapp:h700e:-

Configuration #11

AND

		CPE23
OR
	Netapp H410s Firmware	cpe:2.3:o:netapp:h410s_firmware:-
OR
	Running on/with
	Netapp H410s	cpe:2.3:h:netapp:h410s:-

Configuration #12

AND

		CPE23
OR
	Netapp H410c Firmware	cpe:2.3:o:netapp:h410c_firmware:-
OR
	Running on/with
	Netapp H410c	cpe:2.3:h:netapp:h410c:-

Configuration #13

AND

		CPE23
OR
	Netapp H610s Firmware	cpe:2.3:o:netapp:h610s_firmware:-
OR
	Running on/with
	Netapp H610s	cpe:2.3:h:netapp:h610s:-

Configuration #14

		CPE23	From	Up To
	Opensuse Leap 15.0	cpe:2.3:o:opensuse:leap:15.0
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1

Configuration #15

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Configuration #16

		CPE23	From	Up To
	Fedoraproject Fedora 29	cpe:2.3:o:fedoraproject:fedora:29
	Fedoraproject Fedora 30	cpe:2.3:o:fedoraproject:fedora:30