CVE-2019-19447
Published: 08 December 2019
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
Priority
CVSS 3 base score: 7.8
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-26.30)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-18.22)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-88.88)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-173.203)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by c7df4a1ecb8579838ec8c56b2bb6a6716e974f37 |
||
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1009.9)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1060.62)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1101.112)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1025.28)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1016.17~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1060.62~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-azure Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1010.10)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1006.6)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1032.34)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1071.76)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1082.92)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-1013.14~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gcp Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1009.9)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1031.32)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1055.59)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1071.81)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-1012.13~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1052.55)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1030.31)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-1012.13~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-40.32~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-88.88~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-kvm Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1009.9)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1004.4)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1053.53)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1065.72)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
linux-oem Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1073.83)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.6.0-1007.7)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.6.0-1007.7)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1039.44)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1009.9)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1033.36)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1033.36~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1011.16)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-1008.8)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1007.7)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Ignored
(was needs-triage now end-of-life)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1055.59)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1128.137)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-1018.20~18.04.1)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-riscv Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Not vulnerable
(5.4.0-24.28)
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-24.28)
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.5~rc1)
|
Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1072.79)
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1132.140)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
Notes
Author | Note |
---|---|
tyhicks | Exploiting this vulnerability requires a crafted filesystem image to be mounted |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19447
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447
- https://lore.kernel.org/r/20191112032903.8828-1-tytso@mit.edu
- NVD
- Launchpad
- Debian