CVE-2019-19447

CVSS v3.1 7.8 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.28 % (69^th)

Affected Products 7

Advisories 28

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-12-08 01:15:10
(4 years ago)
Updated Date: 2023-10-03 15:38:56
(11 months ago)

Affected Products

Linux

Linux Kernel

Netapp

Configuration #1

	CPE23	From	Up To
Linux Kernel from 2.6.12 version and prior 3.16.82 version	cpe:2.3:o:linux:linux_kernel	>= 2.6.12	< 3.16.82
Linux Kernel from 3.17 version and prior 4.4.208 version	cpe:2.3:o:linux:linux_kernel	>= 3.17	< 4.4.208
Linux Kernel from 4.5.0 version and prior 4.9.208 version	cpe:2.3:o:linux:linux_kernel	>= 4.5.0	< 4.9.208
Linux Kernel from 4.10 version and prior 4.14.159 version	cpe:2.3:o:linux:linux_kernel	>= 4.10	< 4.14.159
Linux Kernel from 4.15 version and prior 4.19.90 version	cpe:2.3:o:linux:linux_kernel	>= 4.15	< 4.19.90
Linux Kernel from 4.20 version and prior 5.3.17 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.3.17
Linux Kernel from 5.4 version and prior 5.4.4 version	cpe:2.3:o:linux:linux_kernel	>= 5.4	< 5.4.4

Configuration #2

		CPE23	From	Up To
	Netapp Active Iq Unified Manager for Vmware Vsphere	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere
	Netapp Cloud Backup	cpe:2.3:a:netapp:cloud_backup:-
	Netapp Data Availability Services	cpe:2.3:a:netapp:data_availability_services:-
	Netapp Hci Baseboard Management Controller H610s	cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s
	Netapp Steelstore Cloud Integrated Storage	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-
	Netapp Solidfire Baseboard Management Controller	cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-