Use-after-free in Linux kernel

#VU34985 Use-after-free in Linux kernel

Published: 2019-12-08 | Updated: 2020-08-08

Vulnerability identifier: #VU34985

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19447

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.0.21

External links
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
http://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447
http://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
http://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
http://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
http://security.netapp.com/advisory/ntap-20200103-0001/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 7.6 update for kernel

Red Hat Enterprise Linux 7.4 update for kernel

Red Hat Enterprise Linux 7 update for kernel-alt

Use-after-free in Linux kernel