#VU34962 Use-after-free in Linux kernel - CVE-2019-19813

Cybersecurity Help s.r.o.

Published: 2019-12-17 | Updated: 2020-08-08

Vulnerability identifier: #VU34962

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-19813

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.0.21

External links
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813
https://security.netapp.com/advisory/ntap-20200103-0001/
https://usn.ubuntu.com/4414-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-aws

Ubuntu update for linux

Amazon Linux AMI update for kernel

Use-after-free in Linux kernel