CVE - CVE-2019-11487

CVE-ID
CVE-2019-11487	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:108054 URL:http://www.securityfocus.com/bid/108054 CONFIRM:https://security.netapp.com/advisory/ntap-20190517-0005/ URL:https://security.netapp.com/advisory/ntap-20190517-0005/ CONFIRM:https://support.f5.com/csp/article/K14255532 URL:https://support.f5.com/csp/article/K14255532 MISC:https://bugs.chromium.org/p/project-zero/issues/detail?id=1752 URL:https://bugs.chromium.org/p/project-zero/issues/detail?id=1752 MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15fab63e1e57be9fdb5eec1bbc5916e9825e9acb URL:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15fab63e1e57be9fdb5eec1bbc5916e9825e9acb MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a URL:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=88b1a17dfc3ed7728316478fae0f5ad508f50397 URL:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=88b1a17dfc3ed7728316478fae0f5ad508f50397 MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fde12ca79aff9b5ba951fce1a2641901b8d8e64 URL:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fde12ca79aff9b5ba951fce1a2641901b8d8e64 MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f958d7b528b1b40c44cfda5eabe2d82760d868c3 URL:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f958d7b528b1b40c44cfda5eabe2d82760d868c3 MISC:https://github.com/torvalds/linux/commit/15fab63e1e57be9fdb5eec1bbc5916e9825e9acb URL:https://github.com/torvalds/linux/commit/15fab63e1e57be9fdb5eec1bbc5916e9825e9acb MISC:https://github.com/torvalds/linux/commit/6b3a707736301c2128ca85ce85fb13f60b5e350a URL:https://github.com/torvalds/linux/commit/6b3a707736301c2128ca85ce85fb13f60b5e350a MISC:https://github.com/torvalds/linux/commit/88b1a17dfc3ed7728316478fae0f5ad508f50397 URL:https://github.com/torvalds/linux/commit/88b1a17dfc3ed7728316478fae0f5ad508f50397 MISC:https://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64 URL:https://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64 MISC:https://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3 URL:https://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3 MISC:https://lwn.net/Articles/786044/ URL:https://lwn.net/Articles/786044/ MISC:https://www.oracle.com/security-alerts/cpuApr2021.html URL:https://www.oracle.com/security-alerts/cpuApr2021.html MLIST:[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html MLIST:[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html MLIST:[oss-security] 20190429 Linux kernel: multiple issues URL:http://www.openwall.com/lists/oss-security/2019/04/29/1 REDHAT:RHSA-2019:2703 URL:https://access.redhat.com/errata/RHSA-2019:2703 REDHAT:RHSA-2019:2741 URL:https://access.redhat.com/errata/RHSA-2019:2741 REDHAT:RHSA-2020:0174 URL:https://access.redhat.com/errata/RHSA-2020:0174 SUSE:openSUSE-SU-2019:1570 URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html SUSE:openSUSE-SU-2019:1571 URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html SUSE:openSUSE-SU-2019:1579 URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html UBUNTU:USN-4069-1 URL:https://usn.ubuntu.com/4069-1/ UBUNTU:USN-4069-2 URL:https://usn.ubuntu.com/4069-2/ UBUNTU:USN-4115-1 URL:https://usn.ubuntu.com/4115-1/ UBUNTU:USN-4118-1 URL:https://usn.ubuntu.com/4118-1/ UBUNTU:USN-4145-1 URL:https://usn.ubuntu.com/4145-1/
Assigning CNA
MITRE Corporation
Date Record Created
20190423	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190423)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)