Updated: 2023-12-06
CWE: Access of Resource Using Incompatible Type ('Type Confusion')
Description:
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.
CVSS3: 7.8
OS | Vendor version | Errata |
---|---|---|
Ubuntu 18.04 HWE | 5.0.0-35.38~18.04.1 | USN-4184-1 |
Ubuntu 18.04 GCP | 5.0.0-1025.26~18.04.1 | USN-4184-1 |
Ubuntu 18.04 Azure | 5.0.0-1025.27~18.04.1 | USN-4184-1 |

OS | Original kernel version | State |
---|---|---|
Ubuntu 18.04 HWE | | Ready For Release |
Ubuntu 18.04 GCP | 5.0.0-1020.20~18.04.1, 5.0.0-1021.21~18.04.1 | Released |
Proxmox VE 6 | 5.0.21-1-pve_5.0.21-2, 5.0.18-1-pve_5.0.18-3, 5.0.15-1-pve_5.0.15-1, 5.0.12-1-pve_5.0.12-1, 5.0.18-1-pve_5.0.18-1, 5.0.18-1-pve_5.0.18-2, 5.0.21-1-pve_5.0.21-1, 5.0.21-2-pve_5.0.21-3, 5.0.21-2-pve_5.0.21-6, 5.0.21-3-pve_5.0.21-7, 5.0.8-1-pve_5.0.8-1, 5.0.8-2-pve_5.0.8-2, 5.0.21-2-pve_5.0.21-4 | Released |
Ubuntu 18.04 Azure | 5.0.0-1020.21~18.04.1, 5.0.0-1022.23~18.04.1, 5.0.0-1018.19~18.04.1, 5.0.0-1023.24~18.04.1, 5.0.0-1016.17~18.04.1, 5.0.0-1019.20~18.04.1, 5.0.0-1021.22~18.04.1, 5.0.0-1014.14~18.04.1 | Released |
Debian 9 backports | | Ready For Release |