VDB
CVE-2019-11487
CVE-2019-11487
PUBLISHED
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
EPSS 0.11% · 29.7th percentile
Risk Scores
EPSS Score
0.11%
29.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | linux-kvm | 4.4.0-1041.47, 4.4.0-1043.49, 4.4.0-1046.52 |
| Ubuntu:Pro:20.04:LTS | linux-azure-fde-5.15 | 5.15.0-1051.59~20.04.1.1, 5.15.0-1052.60~20.04.1.1, 5.15.0-1086.95~20.04.1.1 |
| Ubuntu:18.04:LTS | linux-gke-4.15 | 4.15.0-1034.36, 4.15.0-1040.42, 4.15.0-1037.39 |
| Ubuntu:18.04:LTS | linux-kvm | 4.15.0-1025.25, 4.15.0-1027.27, 4.15.0-1029.29 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-gcp-fips | 0, 4.15.0-1001.1 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-189.240, 3.13.0-8.27, 3.13.0-4.19 |
| Ubuntu:16.04:LTS | linux-raspi2 | 4.4.0-1003.4, 4.4.0-1114.123, 4.4.0-1103.111 |
| Ubuntu:18.04:LTS | linux-snapdragon | 4.4.0-1077.82, 4.15.0-1057.62, 4.4.0-1078.83 |
| Ubuntu:18.04:LTS | linux-raspi2 | 4.15.0-1038.40, 4.15.0-1037.39, 4.15.0-1036.38 |
| Ubuntu:16.04:LTS | linux-snapdragon | 4.4.0-1071.76, 4.4.0-1012.12, 4.4.0-1013.14 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 0, 5.0.0-16.17~18.04.1, 5.0.0-17.18~18.04.1 |
| Ubuntu:22.04:LTS | linux-realtime | 5.15.0-1032.35, 0 |
| Ubuntu:18.04:LTS | linux-azure | 4.15.0-1008.8, 4.15.0-1009.9, * |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-37.42, 5.4.0-30.34, 5.4.0-27.31 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1024.25, 4.15.0-1025.26, 4.15.0-1026.27 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1050.57, 4.15.0-1002.3, 4.15.0-1004.5 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-aws-fips | 4.15.0-2000.4, 0 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-azure-fips | 0, 4.15.0-1002.2 |
| Ubuntu:22.04:LTS | linux-riscv | 5.15.0-1020.23, 5.15.0-1008.8, 5.15.0-1014.16 |
…and 21 more
Exploit Intelligence
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1752 (nist-nvd)
- https://lwn.net/Articles/786044/ (nist-nvd)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
Timeline
- Apr 23, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-11487 third-party-advisory
- https://lwn.net/Articles/786044/ third-party-advisory
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15fab63e1e57be9fdb5eec1bbc5916e9825e9acb third-party-advisory
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a third-party-advisory
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=88b1a17dfc3ed7728316478fae0f5ad508f50397 third-party-advisory
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fde12ca79aff9b5ba951fce1a2641901b8d8e64 third-party-advisory
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f958d7b528b1b40c44cfda5eabe2d82760d868c3 third-party-advisory
- https://ubuntu.com/security/notices/USN-4069-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4069-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-4115-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4118-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4145-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-11487 third-party-advisory