CVE-2019-20794
Summary
| CVE | CVE-2019-20794 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-05-09 18:15:00 UTC |
|---|
| Updated | 2021-07-21 11:39:00 UTC |
|---|
| Description | An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Linux |
Linux Kernel |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| GitHub - sargun/fuse-example: An Example FUSE Filesystem Turned into an Exploit Vector |
CONFIRM |
github.com |
Exploit, Third Party Advisory |
| Filesystem in Userspace / [fuse-devel] Kernel Hung in FUSE |
CONFIRM |
sourceforge.net |
Exploit, Third Party Advisory |
| May 2020 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
Third Party Advisory |
| oss-security - CVE-2019-20794 kernel: task processes not being
properly ended could lead to resource exhaustion |
MLIST |
www.openwall.com |
Mailing List, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 900076 CBL-Mariner Linux Security Update for kernel 5.4.91
- 903282 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3502)
- 905792 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3502-1)
