CVE-2019-15791
HighIn shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.
CVSS 3.1 score
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness type
CWE-672CVE-2019-15791 is classified as CWE-672
See CWE-672 on MITRE CWE for full details on this weakness type.
References
The following references provide additional information about CVE-2019-15791 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
Ubuntu Securityhttps://usn.ubuntu.com/usn/usn-4183-1Third Party Advisory
-
Ubuntu Securityhttps://usn.ubuntu.com/usn/usn-4184-1Third Party Advisory
-
PatchKernel patch commithttps://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=601a64857b3d7040ca15c39c929e6b9db3373ec1
Frequently asked questions
-
What is CVE-2019-15791?
CVE-2019-15791 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . CVE-2019-15791 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2019-15791?
CVE-2019-15791 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. -
Is there a patch available for CVE-2019-15791?
No patch is currently available for CVE-2019-15791. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2019-15791 actively exploited?
No — CVE-2019-15791 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.