CVE-2019-19449
PUBLISHED
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).
EPSS 0.35% · 57.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | linux-oracle-5.3 | 5.3.0-1027.29~18.04.1, *, 5.3.0-1030.32~18.04.1 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-gcp-fips | 0, 4.15.0-1001.1 |
| Ubuntu:Pro:16.04:LTS | linux-hwe | 4.15.0-158.166~16.04.1, 4.15.0-156.163~16.04.1, 4.15.0-154.161~16.04.1 |
| Ubuntu:18.04:LTS | linux-azure-edge | *, *, 4.18.0-1008.8~18.04.1 |
| Ubuntu:18.04:LTS | linux | 4.15.0-72.81, 4.15.0-135.139, 4.15.0-122.124 |
| Ubuntu:20.04:LTS | linux-azure | 5.4.0-1020.20, 5.4.0-1016.16, 5.4.0-1012.12 |
| Ubuntu:20.04:LTS | linux-bluefield | 5.4.0-1007.10, 0, 5.4.0-1020.23 |
| Ubuntu:20.04:LTS | linux-kvm | 5.4.0-1008.8, 5.4.0-1040.41, 5.4.0-1041.42 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1039.41, 5.4.0-1049.52, 5.4.0-1053.56 |
| Ubuntu:20.04:LTS | linux-oem-5.6 | 5.6.0-1021.21, 5.6.0-1026.26, 5.6.0-1010.10 |
| Ubuntu:18.04:LTS | linux-oracle | 4.15.0-1080.88, 0, 4.15.0-1008.10 |
| Ubuntu:18.04:LTS | linux-aws | 4.15.0-1066.70, 4.15.0-1065.69, 4.15.0-1063.67 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-aws-fips | 0, 4.15.0-2000.4 |
| Ubuntu:Pro:14.04:LTS | linux-azure | *, *, 4.15.0-1040.44~14.04.1 |
| Ubuntu:18.04:LTS | linux-snapdragon | 4.15.0-1072.79, 0, 4.4.0-1077.82 |
| Ubuntu:18.04:LTS | linux-oracle-5.0 | 5.0.0-1011.16, *, 5.0.0-1014.19 |
| Ubuntu:20.04:LTS | linux-azure-5.8 | 5.8.0-1041.44~20.04.1, 5.8.0-1039.42~20.04.1, 5.8.0-1036.38~20.04.1 |
| Ubuntu:20.04:LTS | linux-ibm | 0, 5.4.0-1006.7, 5.4.0-1003.4 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1096.106, 4.15.0-1097.107, 4.15.0-1100.110 |
| Ubuntu:20.04:LTS | linux-riscv-5.8 | 5.8.0-29.31~20.04.1, *, * |
…and 65 more
Exploit Intelligence
Timeline
- Dec 8, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-19449 third-party-advisory
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449 third-party-advisory
- https://ubuntu.com/security/notices/USN-5120-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5136-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5137-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5137-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-5343-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-19449 third-party-advisory