Description
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
Exploits (1)
References (6)
Core 6
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200103-0001/
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
Scores
CVSS v3
7.8
EPSS
0.0169
EPSS Percentile
82.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (7)
linux/linux_kernel
2.6.12 - 3.16.82
netapp/active_iq_unified_manager
netapp/cloud_backup
netapp/data_availability_services
netapp/hci_baseboard_management_controller
h610s
netapp/solidfire_baseboard_management_controller
netapp/steelstore_cloud_integrated_storage
Published
Dec 08, 2019
Tracked Since
Feb 18, 2026