Vulnerability Details CVE-2019-19815
In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.7%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 7.1
References
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19815
- https://github.com/torvalds/linux/commit/4969c06a0d83c9c3dc50b8efcdc8eeedfce896f6#diff-41a7fa4590d2af87e82101f2b4dadb56
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19815
- https://github.com/torvalds/linux/commit/4969c06a0d83c9c3dc50b8efcdc8eeedfce896f6#diff-41a7fa4590d2af87e82101f2b4dadb56
- https://security.netapp.com/advisory/ntap-20200103-0001/
Products affected by CVE-2019-19815
-
cpe:2.3:o:linux:linux_kernel:5.0.21