CVE-2019-19927 - OpenCVE

In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Opensuse	Leap

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:5.0:rc7:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927
https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428
https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39
https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4
https://nvd.nist.gov/vuln/detail/CVE-2019-19927
https://security.netapp.com/advisory/ntap-20200204-0002/
https://www.cve.org/CVERecord?id=CVE-2019-19927

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-31T02:00:12

Updated: 2024-08-05T02:32:09.762Z

Reserved: 2019-12-23T00:00:00

Link: CVE-2019-19927

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-31T02:15:10.647

Modified: 2020-05-14T14:48:24.137

Link: CVE-2019-19927

Redhat

Severity : Moderate

Publid Date: 2019-12-31T00:00:00Z

Links: CVE-2019-19927 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-13T13:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"}, {"name": "openSUSE-SU-2020:0336", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19927", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39"}, {"name": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927", "refsource": "MISC", "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927"}, {"name": "https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4"}, {"name": "https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428"}, {"name": "https://security.netapp.com/advisory/ntap-20200204-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"}, {"name": "openSUSE-SU-2020:0336", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:32:09.762Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"}, {"name": "openSUSE-SU-2020:0336", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19927", "datePublished": "2019-12-31T02:00:12", "dateReserved": "2019-12-23T00:00:00", "dateUpdated": "2024-08-05T02:32:09.762Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:5.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "77F342FB-3D7B-4EAE-BF8B-57B7B860BAFD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module."}, {"lang": "es", "value": "En el kernel de Linux versi\u00f3n 5.0.0-rc7 (distribuido en ubuntu/linux.git en kernel.ubuntu.com), montar una imagen de sistema de archivos f2fs especialmente dise\u00f1ada y llevar a cabo algunas operaciones puede conllevar a un acceso de lectura fuera de l\u00edmites en la funci\u00f3n ttm_put_pages en el archivo drivers/gpu/drm/ttm/ttm_page_alloc.c. Esto est\u00e1 relacionado con el m\u00f3dulo vmwgfx o ttm."}], "id": "CVE-2019-19927", "lastModified": "2020-05-14T14:48:24.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-31T02:15:10.647", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19927"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/453393369dc9806d2455151e329c599684762428"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/a66477b0efe511d98dde3e4aaeb189790e6f0a39"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/ac1e516d5a4c56bf0cb4a3dfc0672f689131cfd4"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200204-0002/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Out-of-bounds read in ttm_put_pages in gpu/drm/ttm/ttm_page_alloc.c", "id": "1790044", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790044"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.", "An out-of-bounds (OOB) memory access flaw was found in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c in the Linux kernel\u2019s graphics module. Incrementing the page pointer for huge pages was not in sync with the reference counter, and this could lead to an out-of-bounds access or a denial of service. This flaw allows a local attacker with special user privileges (or root) to cause memory exploitation."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2019-19927", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2019-12-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-19927\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19927"], "threat_severity": "Moderate"}