CVE-2019-15794

EIP tracks 1 public exploit for CVE-2019-15794. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC demonstrates a use-after-free vulnerability in Ubuntu's aufs kernel patch (CVE-2019-15794) by triggering a crash via mmap operations on a shiftfs-backed FUSE filesystem. The exploit leverages incorrect file pointer handling in mmap_region() to cause a general protection fault.

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.