CVE-2019-15794

NameCVE-2019-15794
DescriptionOverlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie3.16.56-1+deb8u1fixed
jessie (security)3.16.84-1fixed
stretch4.9.210-1fixed
stretch (security)4.9.210-1+deb9u1fixed
buster4.19.118-2vulnerable
buster (security)4.19.118-2+deb10u1vulnerable
bullseye, sid5.7.6-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)(unfixed)
linuxsourcejessie(not affected)
linuxsourcestretch(not affected)

Notes

[stretch] - linux <not-affected> (overlayfs passes through mmap)
[jessie] - linux <not-affected> (overlayfs not present)
https://bugs.launchpad.net/bugs/1850994

Search for package or bug name: Reporting problems