CVE-2019-15538
high-risk
Published 2019-08-25
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.
Do I need to act?
!
16.4% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (20)
References (28)
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191004-0001/
Third Party Advisory
https://usn.ubuntu.com/4144-1/
Third Party Advisory
https://usn.ubuntu.com/4147-1/
and 8 more references
61
/ 100
high-risk
Severity
26/34 · High
Exploitability
13/34 · Low
Exposure
22/34 · High