CVE-2019-19816

Public on 2019-12-17

Modified on 2021-01-26

Description

A flaw was found in the implementation of the BTRFS file system code in the Linux kernel. An attacker, who is able to mount a crafted BTRFS filesystem and perform common filesystem operations, can possibly cause an out-of-bounds write to memory. This could lead to memory corruption or privilege escalation.

Severity

Medium

See what this means

CVSS v3 Base Score

7.8

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	kernel	2021-01-26 00:11	ALAS-2021-1477
Amazon Linux 2 - Core	kernel	2021-01-25 23:09	ALAS2-2021-1588

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD	CVSSv2	9.3	AV:N/AC:M/Au:N/C:C/I:C/A:C
NVD	CVSSv3	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2019-19816 Mitre: CVE-2019-19816 FAQs regarding Amazon Linux ALAS/CVE Severity