CVE-2019-19447

HIGH

Linux kernel 5.0.21 - Use After Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-19447. PoCs published by Trinadh465.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2019-19447, a vulnerability in the Linux kernel's 9p filesystem implementation. The exploit targets a flaw in the ACL handling code, specifically in the `acl.c` file, which could lead to privilege escalation or denial of service.

Description

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

Exploits (1)

nomisec WORKING POC

by Trinadh465 · poc

https://github.com/Trinadh465/linux-4.19.72_CVE-2019-19447

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2019-19447, a vulnerability in the Linux kernel's 9p filesystem implementation. The exploit targets a flaw in the ACL handling code, specifically in the `acl.c` file, which could lead to privilege escalation or denial of service.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel 4.19.72

No auth needed

Prerequisites: Access to a system running a vulnerable version of the Linux kernel with the 9p filesystem module loaded

MITRE ATT&CK