Lucene search

K
cve[email protected]CVE-2019-19050
HistoryNov 18, 2019 - 6:15 a.m.

CVE-2019-19050

2019-11-1806:15:11
CWE-401
web.nvd.nist.gov
113
memory leak
crypto_reportstat
denial of service
nvd
cve-2019-19050
linux kernel
security vulnerability

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.9%

A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.

Affected configurations

NVD
Node
linuxlinux_kernelRange4.205.3.16
OR
linuxlinux_kernelRange5.45.4.3
OR
linuxlinux_kernelMatch5.5rc1
Node
fedoraprojectfedoraMatch30
OR
fedoraprojectfedoraMatch31
Node
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.10
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappdata_availability_servicesMatch-
OR
netappe-series_santricity_os_controllerRange11.0.011.60.3
OR
netapphci_management_nodeMatch-
OR
netappsolidfireMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
OR
netapphci_compute_nodeMatch-
OR
netapphci_storage_nodeMatch-
OR
broadcomfabric_operating_systemMatch-
Node
netappaff_a700s_firmwareMatch-
AND
netappaff_a700sMatch-
Node
netappfas8300_firmwareMatch-
AND
netappfas8300Match-
Node
netappfas8700_firmwareMatch-
AND
netappfas8700Match-
Node
netappaff_a400_firmwareMatch-
AND
netappaff_a400Match-
Node
netapph610s_firmwareMatch-
AND
netapph610sMatch-

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.9%