6

CVE-2019-19927

Exploit
In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version5.0 Updaterc7
OpensuseLeap Version15.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.75% 0.502
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 0.8 5.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200204-0002/
Third Party Advisory
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927
Third Party Advisory
Exploit
https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428
Patch
Third Party Advisory
https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39
Patch
Third Party Advisory
https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4
Patch
Third Party Advisory