Bug 1801616 (CVE-2019-15791) - CVE-2019-15791 kernel: reference count underflow was discovered in shiftfs implementation causing dos
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-15791
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1801617
Blocks: 1801619
 
Reported: 2020-02-11 11:24 UTC by Dhananjay Arunesh
Modified: 2021-02-16 20:36 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel. A reference count underflow was discovered in the shiftfs implementation which could be used to cause a denial of service (system crash) or possibly execute arbitrary code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed: 2020-03-31 05:47:22 UTC
Embargoed:



Description Dhananjay Arunesh 2020-02-11 11:24:48 UTC
A vulnerability was found in the Linux kernel, where a reference count underflow was discovered in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

Reference:
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15791.html

Comment 1 Dhananjay Arunesh 2020-02-11 11:25:47 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1801617]

Comment 2 Justin M. Forbes 2020-02-11 15:52:50 UTC
Shiftfs is not upstream, and is currently an Ubuntu-specific patch set. This has never impacted any Fedora products.

Comment 3 Dave Baker 2020-03-10 13:57:50 UTC
The fs/shiftfs.c file affected by this flaw is also not present in RHEL.

Comment 4 Wade Mealing 2020-03-31 05:46:35 UTC
Statement:

No current shipping products include the code necessary to fix this issue.

Comment 5 Wade Mealing 2020-03-31 05:47:04 UTC
Mitigation:

Mitigation of this flaw is not necessary on Red Hat Enterprise Linux and layered products.

