CVE-2019-19377
PUBLISHED
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
EPSS 0.39% · 60.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | linux-aws-hwe | *, 4.15.0-1030.31~16.04.1, 0 |
| Ubuntu:18.04:LTS | linux-azure-4.15 | 0, 4.15.0-1083.93, 4.15.0-1082.92 |
| Ubuntu:Pro:14.04:LTS | linux-aws | 0, 4.4.0-1006.6, 4.4.0-1011.11 |
| Ubuntu:18.04:LTS | linux | 4.15.0-70.79, 4.15.0-52.56, 4.15.0-51.55 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-azure-fips | 0, 4.15.0-1002.2 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-aws-fips | 0, 4.15.0-2021.21, 4.15.0-2018.18 |
| Ubuntu:Pro:14.04:LTS | linux-azure | *, 4.15.0-1089.99~14.04.1, 4.15.0-1083.93~14.04.1 |
| Ubuntu:Pro:16.04:LTS | linux | 4.4.0-245.279, 4.4.0-24.43, 4.4.0-31.50 |
| Ubuntu:20.04:LTS | linux-aws | 5.4.0-1005.5, 0, 5.3.0-1010.11 |
| Ubuntu:18.04:LTS | linux-oracle-5.3 | *, *, 0 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 0, 4.15.0-20.21~16.04.1, 4.15.0-15.16~16.04.1 |
| Ubuntu:18.04:LTS | linux-gcp-5.3 | 0, *, * |
| Ubuntu:18.04:LTS | linux-azure-5.3 | 5.3.0-1016.17~18.04.1, *, 5.3.0-1018.19~18.04.1 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1017.19, 0, 5.3.0-1007.8 |
| Ubuntu:20.04:LTS | linux-azure | 5.3.0-1009.10, 5.4.0-1006.6, 5.4.0-1010.10 |
| Ubuntu:16.04:LTS | linux-gcp | 4.15.0-1060.64, 4.15.0-1055.59, 4.15.0-1052.56 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-66.108, 0, 3.12.0-1.3 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1033.38, 0, 4.15.0-1002.3 |
| Ubuntu:20.04:LTS | linux-azure-fde | 5.4.0-1083.87+cvm1.1, 5.4.0-1080.83+cvm1.1, 5.4.0-1076.79+cvm1.1 |
| Ubuntu:18.04:LTS | linux-raspi2-5.3 | 5.3.0-1017.19~18.04.1, *, 0 |
…and 41 more
Exploit Intelligence
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377 (nist-nvd)
- CVE-2022-32250.yara (github-yara)
Timeline
- Nov 29, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-19377 third-party-advisory
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377 third-party-advisory
- https://ubuntu.com/security/notices/USN-4369-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4367-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4414-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-19377 third-party-advisory