VDB

CVE-2019-15793

CVE-2019-15793 PUBLISHED

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.

EPSS 0.03% · 10.3th percentile

Risk Scores

EPSS Score
0.03%
10.3th percentile

Affected Products

VendorProductVersions
Ubuntu:24.04:LTSlinux-raspi-realtime0, 6.8.0-2019.20
Ubuntu:20.04:LTSlinux-raspi25.3.0-1007.8, 5.3.0-1014.16, 5.3.0-1015.17
Ubuntu:22.04:LTSlinux-intel-iot-realtime0, 5.15.0-1073.75
Ubuntu:18.04:LTSlinux-gcp-edge5.0.0-1011.11~18.04.1, 0, 5.0.0-1013.13~18.04.1
Ubuntu:16.04:LTSlinux-hwe-edge4.15.0-20.21~16.04.1, 0, 4.8.0-30.32~16.04.1
Ubuntu:20.04:LTSlinux-riscv5.4.0-36.41, 5.4.0-39.44, 0
Ubuntu:20.04:LTSlinux-gkeop-5.155.15.0-1043.50~20.04.1, 5.15.0-1035.41~20.04.1, 5.15.0-1034.40~20.04.1
Ubuntu:20.04:LTSlinux-azure-fde5.4.0-1085.90+cvm1.1, 5.4.0-1085.90+cvm2.1, *
Ubuntu:20.04:LTSlinux-gke5.4.0-1084.90, 5.4.0-1033.35, 5.4.0-1035.37
Ubuntu:18.04:LTSlinux-hwe-edge5.0.0-19.20~18.04.1, 5.3.0-23.25~18.04.2, 5.3.0-24.26~18.04.2
Ubuntu:22.04:LTSlinux-realtime0, 5.15.0-1032.35
Ubuntu:22.04:LTSlinux-riscv5.15.0-1015.17, 5.15.0-1014.16, 5.15.0-1012.13
Ubuntu:20.04:LTSlinux-gkeop5.4.0-1061.65, 5.4.0-1057.61, 5.4.0-1054.57
Ubuntu:18.04:LTSlinux-azure-edge0, 5.0.0-1012.12~18.04.2, 4.18.0-1008.8~18.04.1

Timeline

  • Nov 12, 2019 CVE Published
  • Nov 20, 2019 PoC Published
  • Nov 20, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›