Lucene search

[email protected]CVE-2019-19054

HistoryNov 18, 2019 - 6:15 a.m.

CVE-2019-19054

2019-11-1806:15:11

CWE-401

[email protected]

web.nvd.nist.gov

228

cve-2019-19054

memory leak

cx23888_ir_probe

denial of service

linux kernel

kfifo_alloc

nvd

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

Low

EPSS

Percentile

14.2%

JSON

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤5.3.11

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch20.04lts

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

opensuseleapMatch15.1

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappaff_baseboard_management_controllerMatch-

netappcloud_backupMatch-

netappdata_availability_servicesMatch-

netappe-series_santricity_os_controllerMatch11.0

netappe-series_santricity_os_controllerMatch11.0.0

netappe-series_santricity_os_controllerMatch11.20

netappe-series_santricity_os_controllerMatch11.25

netappe-series_santricity_os_controllerMatch11.30

netappe-series_santricity_os_controllerMatch11.30.5r3

netappe-series_santricity_os_controllerMatch11.40

netappe-series_santricity_os_controllerMatch11.40.3r2

netappe-series_santricity_os_controllerMatch11.40.5

netappe-series_santricity_os_controllerMatch11.50.1

netappe-series_santricity_os_controllerMatch11.50.2-

netappe-series_santricity_os_controllerMatch11.50.2p1

netappe-series_santricity_os_controllerMatch11.60

netappe-series_santricity_os_controllerMatch11.60.0

netappe-series_santricity_os_controllerMatch11.60.1

netappe-series_santricity_os_controllerMatch11.60.3

netappe-series_santricity_os_controllerMatch11.70.1

netappe-series_santricity_os_controllerMatch11.70.2

netappfas\/aff_baseboard_management_controllerMatch-

netapphci_baseboard_management_controllerMatchh610s

netappsolidfire\,_enterprise_sds_\&_hci_storage_nodeMatch-

netappsolidfire_\&_hci_management_nodeMatch-

netappsteelstore_cloud_integrated_storageMatch-

broadcombrocade_fabric_operating_system_firmwareMatch-

Node

netapphci_compute_node_firmwareMatch-

AND

netapphci_compute_nodeMatch-

Node

netappsolidfire_baseboard_management_controller_firmwareMatch-

AND

netappsolidfire_baseboard_management_controllerMatch-

VendorProductVersionCPE
linuxlinux_kernelcpe:/o:linux:linux_kernel::::

Vendor	Product	Version	CPE
linux	linux_kernel		cpe:/o:linux:linux_kernel::::

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/

security.netapp.com/advisory/ntap-20191205-0001/

usn.ubuntu.com/4525-1/

usn.ubuntu.com/4526-1/

usn.ubuntu.com/4527-1/

Social References

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

Low

EPSS

Percentile

14.2%

JSON

Related for CVE-2019-19054

debiancve1 veracode1 nvd1 prion1 osv4 cvelist1 redhatcve1 ubuntucve1 nessus31 oraclelinux5 openvas32 ubuntu3 cloudfoundry1 amazon2 symantec1 fedora15 slackware1 suse1