In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Source: MITRE
Published: 2019-12-17
Updated: 2021-03-15
Type: CWE-787
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
Base Score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
OR
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
OR
OR
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
AND
OR
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
147532 | Debian DLA-2586-1 : linux security update | Nessus | Debian Local Security Checks | high |
145516 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4709-1) | Nessus | Ubuntu Local Security Checks | high |
145510 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4708-1) | Nessus | Ubuntu Local Security Checks | high |
145458 | Amazon Linux AMI : kernel (ALAS-2021-1477) | Nessus | Amazon Linux Local Security Checks | high |
145456 | Amazon Linux 2 : kernel (ALAS-2021-1588) | Nessus | Amazon Linux Local Security Checks | high |
144207 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5995) | Nessus | Oracle Linux Local Security Checks | high |
144097 | Debian DLA-2483-1 : linux-4.19 security update | Nessus | Debian Local Security Checks | high |
141098 | Photon OS 2.0: Linux PHSA-2020-2.0-0287 | Nessus | PhotonOS Local Security Checks | high |
141094 | Photon OS 3.0: Linux PHSA-2020-3.0-0145 | Nessus | PhotonOS Local Security Checks | high |
141091 | Photon OS 1.0: Linux PHSA-2020-1.0-0329 | Nessus | PhotonOS Local Security Checks | high |
140933 | Debian DLA-2385-1 : linux-4.19 security update | Nessus | Debian Local Security Checks | high |
138139 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4414-1) | Nessus | Ubuntu Local Security Checks | high |