CVE-2019-15794
CVSS v3.1
6.7 (Medium)
CVSS v2.0
7.2 (High)
EPSS
0.05 % (18th)
Affected Products
2
Advisories
2
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.
Weaknesses
- CWE-672
- Operation on a Resource after Expiration or Release
- CVE Status
- PUBLISHED
- CNA
- Canonical Ltd.
- Published Date
-
2020-04-24 00:15:11
(4 years ago) - Updated Date
-
2020-05-26 15:18:52
(4 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...