VYPR
Unrated severityNVD Advisory· Published Apr 23, 2020· Updated Sep 16, 2024

Mishandling of file-system uid/gid with namespaces in shiftfs

CVE-2019-15793

Description

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: 5.0 and 5.3 kernel series
  • Ubuntu/Shiftfs in the Linux kernelv5
    Range: 5.3.0-11.12

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.