CVE-2019-15791 HIGH

CVE-2019-15791: Reference count underflow in shiftfs

Vendor Ubuntu
Product Shiftfs in the Linux kernel
Weakness CWE-672
Published April 23, 2020
Last update September 17, 2024

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.
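The imbalance described above, as an added userspace C model (not shiftfs or kernel source, and not part of the CVE record). The struct and function names are hypothetical, and the starting count of one reference held by an existing owner is an assumption.

```c
/* Userspace model of the reference imbalance; not kernel or shiftfs code. */
#include <stdio.h>

/* Stand-in for a kernel file object: only its reference count is modelled. */
struct model_file { long refs; };

static void model_get(struct model_file *f) { f->refs++; }
static void model_put(struct model_file *f) { f->refs--; }

/* Install a temporary fd pointing at f. An fd owns one reference, so a
 * correct installer takes one first; take_ref == 0 models the flaw. */
static struct model_file *model_fd_install(struct model_file *f, int take_ref)
{
    if (take_ref)
        model_get(f);
    return f;
}

/* Closing an fd always puts the reference the fd is presumed to own. */
static void model_fd_close(struct model_file *fd) { model_put(fd); }

/* Run `rounds` ioctl round trips against one lower file and return the
 * count left afterwards. Assumption: an existing owner holds 1 reference. */
long refs_after_ioctls(int rounds, int take_ref)
{
    struct model_file lower = { .refs = 1 };
    for (int i = 0; i < rounds; i++) {
        struct model_file *fd = model_fd_install(&lower, take_ref);
        /* ... the btrfs ioctl would use the temporary fd here ... */
        model_fd_close(fd);
    }
    return lower.refs;
}

int main(void)
{
    /* Flawed path: the owner's reference is consumed by the fd close. */
    printf("no extra ref, 1 ioctl:   %ld\n", refs_after_ioctls(1, 0));
    /* A second round trip drives the count below zero (underflow). */
    printf("no extra ref, 2 ioctls:  %ld\n", refs_after_ioctls(2, 0));
    /* Balanced path: get on install, put on close, owner's ref intact. */
    printf("extra ref,    3 ioctls:  %ld\n", refs_after_ioctls(3, 1));
    return 0;
}
```

A count of 0 while the owner still uses the file corresponds to the use of a released resource that CWE-672 names; the balanced path keeps the count at 1 however many round trips run.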

Key dates

02 Disclosure timeline

April 23, 2020 CVE published
September 17, 2024 Record updated