Vulnetix
Try Vulnetix Request Demo
CVE-2019-15794 PUBLISHED

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.

EPSS 0.09% · 26.1th percentile

Risk Scores

EPSS Score
0.09%
26.1th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:FIPS-updates:22.04:LTSlinux-fips5.15.0-171.181+fips1, 5.15.0-163.173+fips1, 5.15.0-161.171+fips1
Ubuntu:24.04:LTSlinux-lowlatency6.8.0-58.60.1, 0, 6.5.0-9.9.1
Ubuntu:24.04:LTSlinux-azure-nvidia-6.146.14.0-1003.3, 0, 6.14.0-1006.6
Ubuntu:16.04:LTSlinux-hwe-edge4.13.0-25.29~16.04.2, 4.15.0-13.14~16.04.1, 4.13.0-16.19~16.04.3
Ubuntu:24.04:LTSlinux-intel6.8.0-1006.13, 0, 6.8.0-1005.12
Ubuntu:Pro:Realtime:24.04:LTSlinux-raspi-realtime6.8.0-2033.34, 6.8.0-2038.39, 6.8.0-2037.38
Ubuntu:Pro:FIPS-updates:22.04:LTSlinux-azure-fips0, 5.15.0-1089.98+fips1, 5.15.0-1090.99+fips1
Ubuntu:22.04:LTSlinux-aws-6.86.8.0-1035.37~22.04.1, 0, 6.8.0-1009.9~22.04.2
Ubuntu:24.04:LTSlinux-oem-6.86.8.0-1012.12, 6.8.0-1011.11, 6.8.0-1010.10
Ubuntu:18.04:LTSlinux-azure4.15.0-1037.39, 4.18.0-1013.13~18.04.1, 4.18.0-1014.14~18.04.1
Ubuntu:24.04:LTSlinux-azure-6.146.14.0-1017.17~24.04.1, 6.14.0-1014.14~24.04.1, 6.14.0-1013.13~24.04.1
Ubuntu:24.04:LTSlinux-gkeop6.8.0-1023.25, 0, 6.8.0-1001.3
Ubuntu:22.04:LTSlinux-aws5.15.0-1042.47, 0, 5.15.0-1002.4
Ubuntu:24.04:LTSlinux-aws-6.170, 6.17.0-1005.5~24.04.2, 6.17.0-1007.7~24.04.1
Ubuntu:Nvidia-BlueField:22.04:LTSlinux-bluefield5.15.0-1062.64, 5.15.0-1061.63, 5.15.0-1060.62
Ubuntu:22.04:LTSlinux5.15.0-40.43, 5.15.0-41.44, 5.15.0-43.46
Ubuntu:22.04:LTSlinux-intel-iotg5.15.0-1037.42, 5.15.0-1072.78, 5.15.0-1071.77
Ubuntu:24.04:LTSlinux-ibm6.8.0-1036.36, 6.8.0-1017.17, 6.8.0-1018.18
Ubuntu:18.04:LTSlinux-hwe-edge5.3.0-22.24~18.04.1, 5.3.0-23.25~18.04.1, 5.3.0-23.25~18.04.2
Ubuntu:25.10linux-aws6.14.0-1005.5, 6.17.0-1007.7, 6.17.0-1006.6

…and 109 more

Timeline

References

Open in Interactive Console →