CVE-2019-15794
ADVISORY - nistSummary
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.
EPSS Score: 0.01158 (0.633)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Operation on a Resource after Expiration or Release
ADVISORY - redhat
Operation on a Resource after Expiration or Release
NIST
CREATED
UPDATED
ADVISORY IDCVE-2019-15794
EXPLOITABILITY SCORE
1.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.1highDebian
CREATED
UPDATED
ADVISORY IDCVE-2019-15794
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2019-15794
EXPLOITABILITY SCORE
0.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6.7mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2019-15794
EXPLOITABILITY SCORE
0.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.7mediumPhoton
CREATED
UPDATED
ADVISORY ID
CVE-2019-15794
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-