CVE-2019-15794 Information

Description

Overlayfs in the Linux kernel and shiftfs a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series both replace vma-vm_file in their mmap handlers. On error the original value is not restored and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue as no callers dereference vm_file following after call_mmap() returns an error. However the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput() which will fput() vm_file leading to a refcount underflow.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=270d16ae48a4dbf1c7e25e94cc3e38b4bea37635 https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=ef81780548d20a786cc77ed4203fca146fd81ce3 https://usn.ubuntu.com/usn/usn-4208-1 https://usn.ubuntu.com/usn/usn-4209-1

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

6.7