UBUNTU-CVE-2019-15793

Source
https://ubuntu.com/security/CVE-2019-15793
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-15793.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2019-15793
Upstream
  • CVE-2019-15793
Downstream
Related
Published
2019-11-12T18:00:00Z
Modified
2025-07-18T16:45:18Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • Ubuntu - medium
Summary
[none]
Details

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shiftfs s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.

References

Affected packages

Ubuntu:Pro:16.04:LTS / linux-hwe-edge

Package

Name
linux-hwe-edge
Purl
pkg:deb/ubuntu/linux-hwe-edge@4.15.0-23.25~16.04.1?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

4.*

4.8.0-28.30~16.04.1
4.8.0-30.32~16.04.1
4.8.0-32.34~16.04.1
4.8.0-34.36~16.04.1
4.10.0-14.16~16.04.1
4.10.0-19.21~16.04.1
4.10.0-20.22~16.04.1
4.10.0-21.23~16.04.1
4.10.0-22.24~16.04.1
4.10.0-24.28~16.04.1
4.10.0-26.30~16.04.1
4.11.0-13.19~16.04.1
4.11.0-14.20~16.04.1
4.13.0-16.19~16.04.3
4.13.0-17.20~16.04.1
4.13.0-19.22~16.04.1
4.13.0-21.24~16.04.1
4.13.0-25.29~16.04.2
4.15.0-13.14~16.04.1
4.15.0-15.16~16.04.1
4.15.0-20.21~16.04.1
4.15.0-22.24~16.04.1
4.15.0-23.25~16.04.1

Ubuntu:Pro:18.04:LTS / linux-azure-edge

Package

Name
linux-azure-edge
Purl
pkg:deb/ubuntu/linux-azure-edge@5.0.0-1012.12~18.04.2?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

4.*

4.18.0-1006.6~18.04.1
4.18.0-1007.7~18.04.1
4.18.0-1008.8~18.04.1

5.*

5.0.0-1012.12~18.04.2

Ubuntu:Pro:18.04:LTS / linux-gcp-edge

Package

Name
linux-gcp-edge
Purl
pkg:deb/ubuntu/linux-gcp-edge@5.0.0-1013.13~18.04.1?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

4.*

4.18.0-1004.5~18.04.1
4.18.0-1005.6~18.04.1
4.18.0-1006.7~18.04.1
4.18.0-1007.8~18.04.1
4.18.0-1008.9~18.04.1
4.18.0-1009.10~18.04.1
4.18.0-1011.12~18.04.1
4.18.0-1012.13~18.04.1
4.18.0-1013.14~18.04.1
4.18.0-1015.16~18.04.1

5.*

5.0.0-1011.11~18.04.1
5.0.0-1013.13~18.04.1

Ubuntu:Pro:18.04:LTS / linux-hwe-edge

Package

Name
linux-hwe-edge
Purl
pkg:deb/ubuntu/linux-hwe-edge@5.3.0-24.26~18.04.2?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.0.0-15.16~18.04.1
5.0.0-16.17~18.04.1
5.0.0-17.18~18.04.1
5.0.0-19.20~18.04.1
5.0.0-20.21~18.04.1
5.3.0-19.20~18.04.2
5.3.0-22.24~18.04.1
5.3.0-23.25~18.04.1
5.3.0-23.25~18.04.2
5.3.0-24.26~18.04.2

Ubuntu:Pro:20.04:LTS / linux-azure-fde

Package

Name
linux-azure-fde
Purl
pkg:deb/ubuntu/linux-azure-fde@5.4.0-1103.109+cvm1.1?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.4.0-1063.66+cvm2.2
5.4.0-1063.66+cvm3.2
5.4.0-1064.67+cvm1.1
5.4.0-1065.68+cvm2.1
5.4.0-1067.70+cvm1.1
5.4.0-1068.71+cvm1.1
5.4.0-1069.72+cvm1.1
5.4.0-1070.73+cvm1.1
5.4.0-1072.75+cvm1.1
5.4.0-1073.76+cvm1.1
5.4.0-1074.77+cvm1.1
5.4.0-1076.79+cvm1.1
5.4.0-1078.81+cvm1.1
5.4.0-1080.83+cvm1.1
5.4.0-1083.87+cvm1.1
5.4.0-1085.90+cvm1.1
5.4.0-1085.90+cvm2.1
5.4.0-1086.91+cvm1.1
5.4.0-1089.94+cvm1.2
5.4.0-1090.95+cvm1.1
5.4.0-1091.96+cvm1.1
5.4.0-1092.97+cvm1.1
5.4.0-1095.101+cvm1.1
5.4.0-1098.104+cvm1.1
5.4.0-1100.106+cvm1.1
5.4.0-1103.109+cvm1.1

Ubuntu:Pro:20.04:LTS / linux-gke

Package

Name
linux-gke
Purl
pkg:deb/ubuntu/linux-gke@5.4.0-1105.112?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.4.0-1033.35
5.4.0-1035.37
5.4.0-1036.38
5.4.0-1037.39
5.4.0-1039.41
5.4.0-1041.43
5.4.0-1042.44
5.4.0-1043.45
5.4.0-1044.46
5.4.0-1046.48
5.4.0-1049.52
5.4.0-1051.54
5.4.0-1052.55
5.4.0-1053.56
5.4.0-1054.57
5.4.0-1055.58
5.4.0-1056.59
5.4.0-1057.60
5.4.0-1059.62
5.4.0-1061.64
5.4.0-1062.65
5.4.0-1063.66
5.4.0-1065.68
5.4.0-1066.69
5.4.0-1067.70
5.4.0-1068.71
5.4.0-1071.76
5.4.0-1072.77
5.4.0-1074.79
5.4.0-1076.82
5.4.0-1078.84
5.4.0-1080.86
5.4.0-1081.87
5.4.0-1083.89
5.4.0-1084.90
5.4.0-1086.93
5.4.0-1087.94
5.4.0-1090.97
5.4.0-1091.98
5.4.0-1094.101
5.4.0-1095.102
5.4.0-1096.103
5.4.0-1097.104
5.4.0-1098.105
5.4.0-1099.106
5.4.0-1100.107
5.4.0-1101.108
5.4.0-1102.109
5.4.0-1103.110
5.4.0-1104.111
5.4.0-1105.112

Ubuntu:Pro:20.04:LTS / linux-gkeop

Package

Name
linux-gkeop
Purl
pkg:deb/ubuntu/linux-gkeop@5.4.0-1102.106?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.4.0-1008.9
5.4.0-1009.10
5.4.0-1010.11
5.4.0-1011.12
5.4.0-1012.13
5.4.0-1013.14
5.4.0-1014.15
5.4.0-1015.16
5.4.0-1016.17
5.4.0-1018.19
5.4.0-1021.22
5.4.0-1022.23
5.4.0-1023.24
5.4.0-1024.25
5.4.0-1025.26
5.4.0-1026.27
5.4.0-1027.28
5.4.0-1029.30
5.4.0-1031.32
5.4.0-1032.33
5.4.0-1033.34
5.4.0-1034.35
5.4.0-1036.37
5.4.0-1037.38
5.4.0-1038.39
5.4.0-1039.40
5.4.0-1040.41
5.4.0-1043.44
5.4.0-1046.48
5.4.0-1048.51
5.4.0-1049.52
5.4.0-1051.54
5.4.0-1052.55
5.4.0-1053.56
5.4.0-1054.57
5.4.0-1056.60
5.4.0-1057.61
5.4.0-1060.64
5.4.0-1061.65
5.4.0-1062.66
5.4.0-1064.68
5.4.0-1065.69
5.4.0-1066.70
5.4.0-1067.71
5.4.0-1068.72
5.4.0-1069.73
5.4.0-1070.74
5.4.0-1071.75
5.4.0-1072.76
5.4.0-1073.77
5.4.0-1074.78
5.4.0-1075.79
5.4.0-1076.80
5.4.0-1077.81
5.4.0-1078.82
5.4.0-1079.83
5.4.0-1080.84
5.4.0-1081.85
5.4.0-1083.87
5.4.0-1084.88
5.4.0-1085.89
5.4.0-1086.90
5.4.0-1087.91
5.4.0-1088.92
5.4.0-1089.93
5.4.0-1090.94
5.4.0-1091.95
5.4.0-1092.96
5.4.0-1093.97
5.4.0-1094.98
5.4.0-1095.99
5.4.0-1096.100
5.4.0-1097.101
5.4.0-1098.102
5.4.0-1099.103
5.4.0-1100.104
5.4.0-1101.105
5.4.0-1102.106

Ubuntu:Pro:20.04:LTS / linux-gkeop-5.15

Package

Name
linux-gkeop-5.15
Purl
pkg:deb/ubuntu/linux-gkeop-5.15@5.15.0-1055.62~20.04.1?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.15.0-1003.5~20.04.2
5.15.0-1005.7~20.04.1
5.15.0-1007.10~20.04.1
5.15.0-1008.12~20.04.1
5.15.0-1011.15~20.04.2
5.15.0-1012.16~20.04.1
5.15.0-1013.17~20.04.1
5.15.0-1015.19~20.04.1
5.15.0-1016.21~20.04.1
5.15.0-1017.22~20.04.1
5.15.0-1018.23~20.04.1
5.15.0-1019.24~20.04.1
5.15.0-1020.25~20.04.1
5.15.0-1021.26~20.04.1
5.15.0-1022.27~20.04.1
5.15.0-1023.28~20.04.1
5.15.0-1024.29~20.04.1
5.15.0-1025.30~20.04.1
5.15.0-1026.31~20.04.1
5.15.0-1027.32~20.04.1
5.15.0-1028.33~20.04.1
5.15.0-1030.35~20.04.1
5.15.0-1031.37~20.04.1
5.15.0-1032.38~20.04.1
5.15.0-1033.39~20.04.1
5.15.0-1034.40~20.04.1
5.15.0-1035.41~20.04.1
5.15.0-1036.42~20.04.1
5.15.0-1037.43~20.04.1
5.15.0-1038.44~20.04.1
5.15.0-1039.45~20.04.1
5.15.0-1040.46~20.04.1
5.15.0-1043.50~20.04.1
5.15.0-1044.51~20.04.1
5.15.0-1045.52~20.04.1
5.15.0-1046.53~20.04.1
5.15.0-1047.54~20.04.1
5.15.0-1048.55~20.04.1
5.15.0-1049.56~20.04.1
5.15.0-1050.57~20.04.1
5.15.0-1051.58~20.04.1
5.15.0-1052.59~20.04.1
5.15.0-1053.60~20.04.1
5.15.0-1054.61~20.04.1
5.15.0-1055.62~20.04.1

Ubuntu:Pro:20.04:LTS / linux-raspi2

Package

Name
linux-raspi2
Purl
pkg:deb/ubuntu/linux-raspi2@5.4.0-1006.6?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.3.0-1007.8
5.3.0-1014.16
5.3.0-1015.17
5.3.0-1017.19
5.4.0-1004.4
5.4.0-1006.6

Ubuntu:Pro:20.04:LTS / linux-riscv

Package

Name
linux-riscv
Purl
pkg:deb/ubuntu/linux-riscv@5.4.0-40.45?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.4.0-24.28
5.4.0-26.30
5.4.0-27.31
5.4.0-28.32
5.4.0-30.34
5.4.0-31.35
5.4.0-33.37
5.4.0-34.38
5.4.0-36.41
5.4.0-37.42
5.4.0-39.44
5.4.0-40.45

Ubuntu:22.04:LTS / linux-intel-iot-realtime

Package

Name
linux-intel-iot-realtime
Purl
pkg:deb/ubuntu/linux-intel-iot-realtime@5.15.0-1073.75?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.15.0-1073.75

Ubuntu:22.04:LTS / linux-realtime

Package

Name
linux-realtime
Purl
pkg:deb/ubuntu/linux-realtime@5.15.0-1032.35?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.15.0-1032.35

Ubuntu:22.04:LTS / linux-riscv

Package

Name
linux-riscv
Purl
pkg:deb/ubuntu/linux-riscv@5.15.0-1028.32?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.13.0-1004.4
5.13.0-1006.6+22.04.1
5.13.0-1007.7+22.04.1
5.13.0-1010.11+22.04.1
5.15.0-1004.4
5.15.0-1005.5
5.15.0-1006.6
5.15.0-1007.7
5.15.0-1008.8
5.15.0-1011.12
5.15.0-1012.13
5.15.0-1014.16
5.15.0-1015.17
5.15.0-1016.18
5.15.0-1017.19
5.15.0-1018.21
5.15.0-1019.22
5.15.0-1020.23
5.15.0-1022.26
5.15.0-1023.27
5.15.0-1026.30
5.15.0-1027.31
5.15.0-1028.32

Ubuntu:24.04:LTS / linux-raspi-realtime

Package

Name
linux-raspi-realtime
Purl
pkg:deb/ubuntu/linux-raspi-realtime@6.8.0-2019.20?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

6.*

6.8.0-2019.20