CVE-2019-11487

Published: Apr 23, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.

Affected (13)

Products: Linux: Linux Kernel · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 4.4.216
Linux Linux Kernel	From 4.10 to 4.14.116
Linux Linux Kernel	From 4.15 to 4.19.39
Linux Linux Kernel	From 4.20 to 5.0.12
Linux Linux Kernel	From 4.5 to 4.9.181
Linux Linux Kernel	Version 5.1 rc1
Linux Linux Kernel	Version 5.1 rc2
Linux Linux Kernel	Version 5.1 rc3
Linux Linux Kernel	Version 5.1 rc4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (60)

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/04/29/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/108054

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:2703

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2741

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0174

Source: cve@mitre.org

Third Party Advisory

https://bugs.chromium.org/p/project-zero/issues/detail?id=1752

Source: cve@mitre.org

ExploitMitigationThird Party Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15fab63e1e57be9fdb5eec1bbc5916e9825e9acb

Source: cve@mitre.org

PatchVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a

Source: cve@mitre.org

PatchVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=88b1a17dfc3ed7728316478fae0f5ad508f50397

Source: cve@mitre.org

PatchVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fde12ca79aff9b5ba951fce1a2641901b8d8e64

Source: cve@mitre.org

PatchVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f958d7b528b1b40c44cfda5eabe2d82760d868c3

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/torvalds/linux/commit/15fab63e1e57be9fdb5eec1bbc5916e9825e9acb

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/torvalds/linux/commit/6b3a707736301c2128ca85ce85fb13f60b5e350a

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/torvalds/linux/commit/88b1a17dfc3ed7728316478fae0f5ad508f50397

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lwn.net/Articles/786044/

Source: cve@mitre.org

ExploitThird Party Advisory

https://security.netapp.com/advisory/ntap-20190517-0005/

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K14255532

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4069-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4069-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4115-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4118-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4145-1/

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html