ASA-2019-00657 – Linux kernel: Use-after-free vulnerability when deleting a file from a recently unmounted specially crafted ext4 filesystem


Allele Security Alert

ASA-2019-00657

Identifier(s)

ASA-2019-00657, CVE-2019-19447

Title

Use-after-free vulnerability when deleting a file from a recently unmounted specially crafted ext4 filesystem

Vendor(s)

Linux Foundation

Product(s)

Linux kernel

Affected version(s)

Linux kernel versions before 5.5

Linux kernel versions 5.4.x before 5.4.4
Linux kernel versions 5.3.x before 5.3.17
Linux kernel versions 4.19.x before 4.19.90
Linux kernel versions 4.14.x before 4.14.159
Linux kernel versions 4.9.x before 4.9.208
Linux kernel versions 4.4.x before 4.4.208
Linux kernel versions 3.16.x before 3.16.82

Fixed version(s)

Linux kernel version 5.5

Linux kernel version 5.4.4
Linux kernel version 5.3.17
Linux kernel version 4.19.90
Linux kernel version 4.14.159
Linux kernel version 4.9.208
Linux kernel version 4.4.208
Linux kernel version 3.16.82
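
To check a host against the version lists above, the following added example (not part of the original alert or of any vendor tooling) compares a `uname -r` style release string with the fixed releases per stable branch. The function names are illustrative, and it assumes upstream version numbering: distribution kernels often backport fixes without changing the upstream version, so for those consult the vendor trackers listed under Reference(s).

```python
import re

# Fixed upstream point releases per stable branch, copied from this alert.
FIXED_POINT_RELEASE = {
    (5, 4): 4, (5, 3): 17, (4, 19): 90, (4, 14): 159,
    (4, 9): 208, (4, 4): 208, (3, 16): 82,
}
# "Linux kernel versions before 5.5" are listed as affected.
FIRST_FIXED_MAINLINE = (5, 5)


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string.

    Suffixes such as "-generic" or "-rc1" are ignored; a missing patch
    level is treated as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(release):
    """True if an upstream kernel with this version predates the fix."""
    major, minor, patch = parse_release(release)
    if (major, minor) >= FIRST_FIXED_MAINLINE:
        return False
    fixed_patch = FIXED_POINT_RELEASE.get((major, minor))
    if fixed_patch is None:
        # Branch older than 5.5 with no fixed release listed in this alert.
        return True
    return patch < fixed_patch


if __name__ == "__main__":
    import platform
    rel = platform.release()
    state = "affected" if is_affected(rel) else "not affected"
    print(f"{rel}: {state} by CVE-2019-19447 (upstream numbering only)")
```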

Proof of concept

Yes

Description

A flaw was found in the Linux kernel’s ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted, specially crafted ext4 filesystem, whether that filesystem is on local, USB, or iSCSI storage.

Technical details

Unknown

Credits

Team bobfuzzer

Reference(s)

ext4: work around deleting a file with i_nlink == 0 safely
https://github.com/torvalds/linux/commit/c7df4a1ecb8579838ec8c56b2bb6a6716e974f37#diff-3e9c6aa65331591d44f88d9585db806f

[PATCH] ext4: work around deleting a file with i_nlink == 0 safely
https://lore.kernel.org/linux-ext4/20191112032903.8828-1-tytso@mit.edu/

BUG: KASAN: use-after-free in ext4_put_super+0xb1d/0xd80
https://bugzilla.kernel.org/show_bug.cgi?id=205433

CVE-2019-19447
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447

Linux 5.4.4
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.4

Linux 5.3.17
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.17

Linux 4.19.90
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.90

Linux 4.14.159
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.159

Linux 4.9.208
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.208

Linux 4.4.208
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.208

Linux 3.16.82
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.82

CVE-2019-19447 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-19447

CVE-2019-19447 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19447.html

CVE-2019-19447
https://security-tracker.debian.org/tracker/CVE-2019-19447

CVE-2019-19447 | SUSE
https://www.suse.com/security/cve/CVE-2019-19447

CVE-2019-19447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19447

CVE-2019-19447
https://nvd.nist.gov/vuln/detail/CVE-2019-19447


Last modified: February 15, 2020
