CVE-2019-15793

MEDIUM

Linux kernel <5.3 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-15793. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a reference counting flaw in the shiftfs filesystem implementation in Ubuntu 19.10 (kernel 5.3.0-19-generic), leading to a use-after-free condition. The PoC triggers a general protection fault by manipulating file descriptors and mmap operations.

Description

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoslinux

https://www.exploit-db.com/exploits/47693

View Code ZIP pw:eip

This exploit demonstrates a reference counting flaw in the shiftfs filesystem implementation in Ubuntu 19.10 (kernel 5.3.0-19-generic), leading to a use-after-free condition. The PoC triggers a general protection fault by manipulating file descriptors and mmap operations.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Ubuntu 19.10 with shiftfs (kernel 5.3.0-19-generic)

No auth needed

Prerequisites: Unprivileged user access · shiftfs mounted

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://usn.ubuntu.com/usn/usn-4183-1

Third Party Advisory x_refsource_misc

https://usn.ubuntu.com/usn/usn-4184-1

Mailing List, Patch, Third Party Advisory x_refsource_misc

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bb

Scores

CVSS v3 6.5

EPSS 0.0069

EPSS Percentile 47.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE

CWE-276 CWE-538

Status published

Products (4)

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.04

linux/linux_kernel 5.0

linux/linux_kernel 5.3

Published Apr 24, 2020

Tracked Since Feb 18, 2026