CVE-2019-15538

Published: Aug 25, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.

Affected (32)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Netapp: Data Availability Services, Hci Management Node, Solidfire, Aff A700s Firmware, H300s Firmware, H500s Firmware, H700s Firmware, H300e Firmware, H500e Firmware, H700e Firmware, H410s Firmware, H410c Firmware, H610s Firmware · +3 more

Show all products

1 product

1 product

13 products

Data Availability Services

1 product

1 product

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.14 to 4.14.141
Linux Linux Kernel	From 4.19 to 4.19.69
Linux Linux Kernel	From 4.7 to 4.9.191
Linux Linux Kernel	From 5.2 to 5.2.11
Linux Linux Kernel	Version 5.3
Linux Linux Kernel	Version 5.3 rc1
Linux Linux Kernel	Version 5.3 rc2
Linux Linux Kernel	Version 5.3 rc3
Linux Linux Kernel	Version 5.3 rc4
Linux Linux Kernel	Version 5.3 rc5
Linux Linux Kernel	Version 5.3 rc6

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Netapp Data Availability Services	All versions
Netapp Hci Management Node	All versions
Netapp Solidfire	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff A700s Firmware	All versions

Running on/with	Platform Versions
Netapp Aff A700s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300e Firmware	All versions

Running on/with	Platform Versions
Netapp H300e	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500e Firmware	All versions

Running on/with	Platform Versions
Netapp H500e	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700e Firmware	All versions

Running on/with	Platform Versions
Netapp H700e	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610s Firmware	All versions

Running on/with	Platform Versions
Netapp H610s	All versions

Configuration N

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1

Configuration O

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration P

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (28)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/

Source: cve@mitre.org

https://lore.kernel.org/linux-xfs/20190823035528.GH1037422%40magnolia/

Source: cve@mitre.org

https://lore.kernel.org/linux-xfs/20190823192433.GA8736%40eldamar.local

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20191004-0001/

Source: cve@mitre.org

Third Party Advisory

https://support.f5.com/csp/article/K32592426?utm_source=f5support&amp%3Butm_medium=RSS

Source: cve@mitre.org

https://usn.ubuntu.com/4144-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4147-1/

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html