Lucene search

K
cve[email protected]CVE-2019-19054
HistoryNov 18, 2019 - 6:15 a.m.

CVE-2019-19054

2019-11-1806:15:11
CWE-401
web.nvd.nist.gov
226
2
cve-2019-19054
memory leak
cx23888_ir_probe
denial of service
linux kernel
kfifo_alloc
nvd

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.3%

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.

Affected configurations

NVD
Node
linuxlinux_kernelRange5.3.11
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch20.04lts
OR
fedoraprojectfedoraMatch30
OR
fedoraprojectfedoraMatch31
OR
opensuseleapMatch15.1
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappaff_baseboard_management_controllerMatch-
OR
netappcloud_backupMatch-
OR
netappdata_availability_servicesMatch-
OR
netappe-series_santricity_os_controllerMatch11.0
OR
netappe-series_santricity_os_controllerMatch11.0.0
OR
netappe-series_santricity_os_controllerMatch11.20
OR
netappe-series_santricity_os_controllerMatch11.25
OR
netappe-series_santricity_os_controllerMatch11.30
OR
netappe-series_santricity_os_controllerMatch11.30.5r3
OR
netappe-series_santricity_os_controllerMatch11.40
OR
netappe-series_santricity_os_controllerMatch11.40.3r2
OR
netappe-series_santricity_os_controllerMatch11.40.5
OR
netappe-series_santricity_os_controllerMatch11.50.1
OR
netappe-series_santricity_os_controllerMatch11.50.2-
OR
netappe-series_santricity_os_controllerMatch11.50.2p1
OR
netappe-series_santricity_os_controllerMatch11.60
OR
netappe-series_santricity_os_controllerMatch11.60.0
OR
netappe-series_santricity_os_controllerMatch11.60.1
OR
netappe-series_santricity_os_controllerMatch11.60.3
OR
netappe-series_santricity_os_controllerMatch11.70.1
OR
netappe-series_santricity_os_controllerMatch11.70.2
OR
netappfas\/aff_baseboard_management_controllerMatch-
OR
netapphci_baseboard_management_controllerMatchh610s
OR
netappsolidfire\,_enterprise_sds_\&_hci_storage_nodeMatch-
OR
netappsolidfire_\&_hci_management_nodeMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
OR
broadcombrocade_fabric_operating_system_firmwareMatch-
Node
netapphci_compute_node_firmwareMatch-
AND
netapphci_compute_nodeMatch-
Node
netappsolidfire_baseboard_management_controller_firmwareMatch-
AND
netappsolidfire_baseboard_management_controllerMatch-

Social References

More

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.3%