cve/2019/CVE-2019-15666.md

### [CVE-2019-15666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15666)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.

### POC

#### Reference
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b805d78d300bcf2c83d6df7da0c818b0fee41427

#### Github
- https://github.com/Al1ex/LinuxEelvation
- https://github.com/De4dCr0w/Linux-kernel-EoP-exp
- https://github.com/DrewSC13/Linpeas
- https://github.com/HaxorSecInfec/autoroot.sh
- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits
- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits
- https://github.com/bsauce/kernel-exploit-factory
- https://github.com/bsauce/kernel-security-learning
- https://github.com/gglessner/Rocky
- https://github.com/go-bi/go-bi-soft
- https://github.com/siddicky/yotjf
- https://github.com/substing/internal_ctf
- https://github.com/vlain1337/auto-lpe
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-15666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15666)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`### Description`

			`An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.`

			`### POC`

			`#### Reference`
			`- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b805d78d300bcf2c83d6df7da0c818b0fee41427`

			`#### Github`
			`- https://github.com/Al1ex/LinuxEelvation`
			`- https://github.com/De4dCr0w/Linux-kernel-EoP-exp`
Update CVE sources 2024-06-08 09:32 2024-06-08 09:32:58 +00:00			`- https://github.com/DrewSC13/Linpeas`
Update CVE sources 2024-06-22 09:37 2024-06-22 09:37:59 +00:00			`- https://github.com/HaxorSecInfec/autoroot.sh`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits`
Update CVE sources 2024-07-25 21:25 2024-07-25 21:25:12 +00:00			`- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/bsauce/kernel-exploit-factory`
			`- https://github.com/bsauce/kernel-security-learning`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/gglessner/Rocky`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/go-bi/go-bi-soft`
			`- https://github.com/siddicky/yotjf`
			`- https://github.com/substing/internal_ctf`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/vlain1337/auto-lpe`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00