Reference count underflow in shiftfs
CVE-2019-15791

7.1HIGH

Key Information:

Vendor: Ubuntu
Status: Shiftfs In The Linux Kernel
Vendor: CVE Published:; 24 April 2020

🔔 Create Ubuntu Vulnerability Alert

What is CVE-2019-15791?

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.

Affected Version(s)

Shiftfs in the Linux kernel 5.3.0-11.12 < 5.3 kernel*

Shiftfs in the Linux kernel 5.0 kernel < 5.0.0-35.38

References

https://usn.ubuntu.com/usn/usn-4183-1

x_refsource_MISC

https://usn.ubuntu.com/usn/usn-4184-1

x_refsource_MISC

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/l...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2020
Vulnerability Reserved
Aug 29, 2019

Credit

Jann Horn of Google Project Zero

.

CVE-2019-15791 : Reference count underflow in shiftfs