CVE-2019-15794
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-15794
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15794.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-15794
- Downstream
- Published
- 2020-04-24T00:15:11Z
- Modified
- 2025-08-09T20:01:27Z
- Severity
-
- 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vmfile in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vmfile points. On upstream kernels this is not an issue, as no callers dereference vmfile following after callmmap() returns an error. However, the aufs patchs change mmapregion() to replace the fput() using a local variable with vmafput(), which will fput() vm_file, leading to a refcount underflow.
- References
-
- https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=270d16ae48a4dbf1c7e25e94cc3e38b4bea37635
- https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=ef81780548d20a786cc77ed4203fca146fd81ce3
- https://usn.ubuntu.com/usn/usn-4208-1
- https://usn.ubuntu.com/usn/usn-4209-1