CVE-2019-15538

 

Published at: - 25-08-2019 06:15

Last modified: - 26-10-2022 02:02

Total changes: - 3

Description

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://lore.kernel.org/linux-xfs/20190823035528.GH1037422@magnolia/
• https://lore.kernel.org/linux-xfs/20190823192433.GA8736@eldamar.local
• https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee
• https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee
• FEDORA-2019-4c91a2f76e-Third Party Advisory
• FEDORA-2019-97380355ae-Third Party Advisory
• [debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update-Mailing List, Third Party Advisory
• [debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update-Mailing List, Third Party Advisory
• openSUSE-SU-2019:2173-Mailing List, Third Party Advisory
• openSUSE-SU-2019:2181-Mailing List, Third Party Advisory
• USN-4144-1-Third Party Advisory
• https://security.netapp.com/advisory/ntap-20191004-0001/
• USN-4147-1-Third Party Advisory
• https://support.f5.com/csp/article/K32592426?utm_source=f5support&utm_medium=RSS

 

Keywords

NVD

 

CVE-2019-15538

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures