Vulnetix
Try Vulnetix Request Demo
CVE-2019-15792 PUBLISHED

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.

EPSS 0.21% · 43.8th percentile

Risk Scores

EPSS Score
0.21%
43.8th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSlinux-realtime0, 5.15.0-1032.35
Ubuntu:22.04:LTSlinux-riscv0, 5.13.0-1004.4, 5.13.0-1006.6+22.04.1
Ubuntu:18.04:LTSlinux-azure-edge0, 4.18.0-1006.6~18.04.1, 4.18.0-1007.7~18.04.1
Ubuntu:18.04:LTSlinux-gcp-edge4.18.0-1007.8~18.04.1, 0, 4.18.0-1004.5~18.04.1
Ubuntu:20.04:LTSlinux-azure-fde5.4.0-1086.91+cvm1.1, 5.4.0-1089.94+cvm1.2, 5.4.0-1090.95+cvm1.1
Ubuntu:20.04:LTSlinux-riscv5.4.0-36.41, 5.4.0-40.45, 5.4.0-39.44
Ubuntu:20.04:LTSlinux-raspi25.4.0-1004.4, 5.4.0-1006.6, 0
Ubuntu:20.04:LTSlinux-gke5.4.0-1080.86, 0, 5.4.0-1033.35
Ubuntu:22.04:LTSlinux-intel-iot-realtime5.15.0-1073.75, 0
Ubuntu:18.04:LTSlinux-hwe-edge5.3.0-23.25~18.04.2, 5.3.0-23.25~18.04.1, 5.3.0-22.24~18.04.1
Ubuntu:16.04:LTSlinux-hwe-edge4.10.0-26.30~16.04.1, 4.10.0-24.28~16.04.1, 4.10.0-22.24~16.04.1
Ubuntu:24.04:LTSlinux-raspi-realtime6.8.0-2019.20, 0
Ubuntu:20.04:LTSlinux-gkeop5.4.0-1073.77, 5.4.0-1074.78, 5.4.0-1075.79
Ubuntu:20.04:LTSlinux-gkeop-5.150, 5.15.0-1003.5~20.04.2, 5.15.0-1005.7~20.04.1

Timeline

References

Open in Interactive Console →