Vulnetix
Try Vulnetix Request Demo
CVE-2019-15791 PUBLISHED

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.

EPSS 0.13% · 32.4th percentile

Risk Scores

EPSS Score
0.13%
32.4th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSlinux-riscv5.13.0-1006.6+22.04.1, 5.13.0-1004.4, *
Ubuntu:16.04:LTSlinux-hwe-edge4.13.0-25.29~16.04.2, 4.8.0-30.32~16.04.1, 4.8.0-32.34~16.04.1
Ubuntu:18.04:LTSlinux-hwe-edge5.3.0-23.25~18.04.1, 5.3.0-23.25~18.04.2, 5.3.0-24.26~18.04.2
Ubuntu:20.04:LTSlinux-gkeop-5.155.15.0-1005.7~20.04.1, 5.15.0-1037.43~20.04.1, 5.15.0-1036.42~20.04.1
Ubuntu:22.04:LTSlinux-intel-iot-realtime5.15.0-1073.75, 0
Ubuntu:24.04:LTSlinux-raspi-realtime0, 6.8.0-2019.20
Ubuntu:20.04:LTSlinux-riscv5.4.0-39.44, 5.4.0-28.32, 5.4.0-37.42
Ubuntu:20.04:LTSlinux-raspi25.3.0-1007.8, 5.3.0-1017.19, 5.4.0-1006.6
Ubuntu:20.04:LTSlinux-gkeop5.4.0-1095.99, 5.4.0-1008.9, 5.4.0-1010.11
Ubuntu:18.04:LTSlinux-gcp-edge4.18.0-1004.5~18.04.1, 0, 4.18.0-1006.7~18.04.1
Ubuntu:20.04:LTSlinux-azure-fde5.4.0-1086.91+cvm1.1, 5.4.0-1085.90+cvm2.1, 5.4.0-1083.87+cvm1.1
Ubuntu:20.04:LTSlinux-gke5.4.0-1052.55, 5.4.0-1051.54, 5.4.0-1049.52
Ubuntu:18.04:LTSlinux-azure-edge0, 5.0.0-1012.12~18.04.2, 4.18.0-1008.8~18.04.1
Ubuntu:22.04:LTSlinux-realtime0, 5.15.0-1032.35

Timeline

References

Open in Interactive Console →