CVE-2019-15538

HIGH

Opensuse Leap < 4.9.191 - Denial of Service

Title source: rule
STIX 2.1

Description

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.

References (14)

Core 14
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4144-1/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20191004-0001/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4147-1/

Scores

CVSS v3 7.5
EPSS 0.1643
EPSS Percentile 94.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (23)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.04
debian/debian_linux 8.0
fedoraproject/fedora 29
fedoraproject/fedora 30
linux/linux_kernel 5.3 (7 CPE variants)
linux/linux_kernel 4.7 - 4.9.191
netapp/aff_a700s_firmware
netapp/data_availability_services
... and 13 more
Published Aug 25, 2019
Tracked Since Feb 18, 2026