A vulnerability classified as critical has been found in Ubuntu Linux 5.0/5.3 (Operating System). Affected is the function shiftfs_btrfs_ioctl_fd_replace of the component shiftfs. The manipulation with an unknown input leads to a type confusion vulnerability. CWE is classifying the issue as CWE-843. The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.

The weakness was disclosed 04/24/2020. This vulnerability is traded as CVE-2019-15792 since 08/29/2019. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 04/24/2020).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Type

• Operating System

Vendor

• Ubuntu

Name

• Linux

Version

• 5.0
• 5.3

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion