[email protected]CVE-2019-15807

HistoryAug 29, 2019 - 6:15 p.m.

CVE-2019-15807

2019-08-2918:15:00

CWE-401

[email protected]

web.nvd.nist.gov

237

linux

kernel

memory leak

sas

expander

denial of service

cve-2019-15807

nvd

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

13.3%

JSON

In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt5.1.13
redhat:enterprise_linuxredhat enterprise linuxeq7.0
debian:debian_linuxdebian debian linuxeq8.0
redhat:enterprise_linuxredhat enterprise linuxeq8.0

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	5.1.13
redhat:enterprise_linux	redhat enterprise linux	eq	7.0
debian:debian_linux	debian debian linux	eq	8.0
redhat:enterprise_linux	redhat enterprise linux	eq	8.0