Main Vulnerability Database Vulnerabilities #VU34963

#VU34963 Out-of-bounds write in Linux kernel - CVE-2019-19814

Published: December 17, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU34963

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-19814

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.

Remediation

Install update from vendor's website.

External links

https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814
https://security.netapp.com/advisory/ntap-20200103-0001/