CVE-2019-19319
MEDIUM6.5EPSS 0.44%linux - security update
Published: 11/27/2019Modified: 3/9/2026
Also known as:DSA-4698-1DEBIAN-CVE-2019-19319DEBIAN-CVE-2020-8428DEBIAN-CVE-2020-8647DEBIAN-CVE-2020-8648DEBIAN-CVE-2020-8649DEBIAN-CVE-2020-9383
Description
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.
Affected packages (3)
- Debian/linuxfrom 0, < 5.2.6-1
- Debian/linuxfrom 0, < 4.9.210-1+deb9u1
- Debian/linux-4.9from 0, < 4.9.210-1+deb9u1~deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |