CVE-2019-15538
Summary
| CVE | CVE-2019-15538 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-08-25 16:15:00 UTC |
| Updated | 2023-11-07 03:05:00 UTC |
| Description | An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 29 | All | All | All |
| Operating System | Fedoraproject | Fedora | 30 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | 5.3 | - | All | All |
| Operating System | Linux | Linux Kernel | 5.3 | rc1 | All | All |
| Operating System | Linux | Linux Kernel | 5.3 | rc2 | All | All |
| Operating System | Linux | Linux Kernel | 5.3 | rc3 | All | All |
| Operating System | Linux | Linux Kernel | 5.3 | rc4 | All | All |
| Operating System | Linux | Linux Kernel | 5.3 | rc5 | All | All |
| Operating System | Linux | Linux Kernel | 5.3 | rc6 | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Hardware | Netapp | Aff A700s | - | All | All | All |
| Operating System | Netapp | Aff A700s Firmware | - | All | All | All |
| Application | Netapp | Data Availability Services | - | All | All | All |
| Hardware | Netapp | H300e | - | All | All | All |
| Operating System | Netapp | H300e Firmware | - | All | All | All |
| Hardware | Netapp | H300s | - | All | All | All |
| Operating System | Netapp | H300s Firmware | - | All | All | All |
| Hardware | Netapp | H410c | - | All | All | All |
| Operating System | Netapp | H410c Firmware | - | All | All | All |
| Hardware | Netapp | H410s | - | All | All | All |
| Operating System | Netapp | H410s Firmware | - | All | All | All |
| Hardware | Netapp | H500e | - | All | All | All |
| Operating System | Netapp | H500e Firmware | - | All | All | All |
| Hardware | Netapp | H500s | - | All | All | All |
| Operating System | Netapp | H500s Firmware | - | All | All | All |
| Hardware | Netapp | H610s | - | All | All | All |
| Operating System | Netapp | H610s Firmware | - | All | All | All |
| Hardware | Netapp | H700e | - | All | All | All |
| Operating System | Netapp | H700e Firmware | - | All | All | All |
| Hardware | Netapp | H700s | - | All | All | All |
| Operating System | Netapp | H700s Firmware | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Operating System | Opensuse | Leap | 15.0 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.f5.com/csp/article/K32592426 | CONFIRM | support.f5.com | |
| [SECURITY] Fedora 30 Update: kernel-5.2.11-200.fc30 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| September 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| USN-4144-1: Linux kernel vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Re: [PATCH] xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT - Salvatore Bonaccorso | MISC | lore.kernel.org | Mailing List, Patch, Vendor Advisory |
| [PATCH] xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT - Darrick J. Wong | MISC | lore.kernel.org | Mailing List, Patch, Vendor Advisory |
| [SECURITY] Fedora 29 Update: kernel-headers-5.2.11-100.fc29 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Re: [PATCH] xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT - Salvatore Bonaccorso | lore.kernel.org | ||
| [security-announce] openSUSE-SU-2019:2181-1: important: Security update | SUSE | lists.opensuse.org | |
| [SECURITY] Fedora 29 Update: kernel-headers-5.2.11-100.fc29 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [PATCH] xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT - Darrick J. Wong | lore.kernel.org | ||
| myF5 | support.f5.com | ||
| [security-announce] openSUSE-SU-2019:2173-1: important: Security update | SUSE | lists.opensuse.org | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | MISC | git.kernel.org | Mailing List, Patch, Vendor Advisory |
| [SECURITY] [DLA 1919-2] linux-4.9 security update | MLIST | lists.debian.org | |
| [SECURITY] [DLA 1919-1] linux-4.9 security update | MLIST | lists.debian.org | |
| USN-4147-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to E… · torvalds/linux@1fb254a · GitHub | MISC | github.com | Patch, Third Party Advisory |
| [SECURITY] Fedora 30 Update: kernel-5.2.11-200.fc30 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.