CVE-2019-19036MEDIUM
Description
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
References
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19036
https://security.netapp.com/advisory/ntap-20191205-0001/
Details
Source: MITRE
Published: 2019-11-21
Updated: 2020-08-03
Type: CWE-476
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.3.12 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 142576 | EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2020-2443) | Nessus | Huawei Local Security Checks | high |
| 139027 | Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1) | Nessus | Ubuntu Local Security Checks | high |
| 138272 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:1663-1) | Nessus | SuSE Local Security Checks | critical |
| 138139 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4414-1) | Nessus | Ubuntu Local Security Checks | high |
| 137805 | EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1698) | Nessus | Huawei Local Security Checks | high |
| 137024 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1606) | Nessus | Huawei Local Security Checks | high |
| 136239 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1536) | Nessus | Huawei Local Security Checks | critical |
| 135741 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1508) | Nessus | Huawei Local Security Checks | high |
| 134559 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-336) | Nessus | SuSE Local Security Checks | critical |
| 134363 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1) | Nessus | SuSE Local Security Checks | critical |
| 134293 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0584-1) | Nessus | SuSE Local Security Checks | critical |
| 134292 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0580-1) | Nessus | SuSE Local Security Checks | critical |
| 134289 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0560-1) | Nessus | SuSE Local Security Checks | critical |
| 134288 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0559-1) | Nessus | SuSE Local Security Checks | critical |
| 134287 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0558-1) | Nessus | SuSE Local Security Checks | critical |