Out-of-bounds Read

CVE-2019-19927

Low

3.6/10

Summary

In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.

Access Complexity: LOW
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-125 - Out-of-Bounds Read

Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.

References

Advisory Timeline

Published Dec 31, 2019

Out-of-bounds Read

CVE-2019-19927

Summary

CWE-125 - Out-of-Bounds Read

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS