CVE-2019-15793

Mishandling of file-system uid/gid with namespaces in shiftfs

Description

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.

References

Link	Tags
https://usn.ubuntu.com/usn/usn-4183-1	third party advisory
https://usn.ubuntu.com/usn/usn-4184-1	third party advisory
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bb	patch mailing list third party advisory

Frequently Asked Questions

What is the severity of CVE-2019-15793?: CVE-2019-15793 has been scored as a medium severity vulnerability.
How to fix CVE-2019-15793?: To fix CVE-2019-15793, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-15793 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2019-15793 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-15793?: CVE-2019-15793 affects Ubuntu Shiftfs in the Linux kernel.

Description

Categories

CWE-538 – Insertion of Sensitive Information into Externally-Accessible File or Directory

CWE-276 – Incorrect Default Permissions

References

Frequently Asked Questions