CVE-2019-19815 Information
Feb 14, 2021
cve
Description
In the Linux kernel 5.0.21 mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Reference
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19815 https://github.com/torvalds/linux/commit/4969c06a0d83c9c3dc50b8efcdc8eeedfce896f6diff-41a7fa4590d2af87e82101f2b4dadb56 https://security.netapp.com/advisory/ntap-20200103-0001/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
5.5
Share on: