CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2019-19068 – kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS
https://notcve.org/view.php?id=CVE-2019-19068
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. Una pérdida de memoria en la función rtl8xxxu_submit_int_urb() en el archivo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función usb_submit_urb(), también se conoce como CID-a2cdd07488e6. A flaw was found in the Linux kernel. A memory leak in the realtek driver allows an attacker to cause a denial of service through memory consumption. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://github.com/torvalds/linux/commit/a2cdd07488e666aa93a49a3fc9c9b1299e27ef3c https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://security.netapp.com/advisory/ntap-20191205-0001 https://usn • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-19067 – kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow for a DoS
https://notcve.org/view.php?id=CVE-2019-19067
Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading ** EN DISPUTA ** Cuatro pérdidas de memoria en la función acp_hw_init() en el archivo drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c en el kernel de Linux versiones anteriores a la versión 5.3.8, permiten a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función mfd_add_hotplug_devices() o pm_genpd_add_device(), también se conoce como CID-57be09c6e874. NOTA: terceros discuten la relevancia de esto porque el atacante ya debe tener privilegios para cargar el módulo. A flaw was found in the Linux kernel. The acp_hw_init function fails to cleanup resources properly. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://bugzilla.suse.com/show_bug.cgi?id=1157180 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8 https://github.com/torvalds/linux/commit/57be09c6e8747bf48704136d9e3f92bfb93f5725 https://usn.ubuntu.com/4208-1 https://usn.ubuntu.com/4226-1 https://usn.ubuntu.com/4526-1 https://access.redhat.com/security/cve/CVE-2019-19067 https://bugzilla.redhat.com/show_bug.cgi?id=1774968 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2019-19066
https://notcve.org/view.php?id=CVE-2019-19066
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. Una pérdida de memoria en la función bfad_im_get_stats() en el archivo drivers/scsi/bfa/bfad_attr.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función de bfa_port_get_stats(), también se conoce como CID-0e62395da2bd. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2019-19065 – kernel: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allows for a DoS
https://notcve.org/view.php?id=CVE-2019-19065
A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because "rhashtable_init() can only fail if it is passed invalid values in the second parameter's struct, but when invoked from sdma_init() that is a pointer to a static const struct, so an attacker could only trigger failure if they could corrupt kernel memory (in which case a small memory leak is not a significant problem). ** EN DISPUTA ** Una pérdida de memoria en la función sdma_init () en drivers / infiniband / hw / hfi1 / sdma.c en el kernel de Linux anterior a la versión 5.3.9 permite a los atacantes causar una denegación de servicio (consumo de memoria) al activar rhashtable_init ( ) fallos, también conocido como CID-34b3be18a04e. NOTA: Esto se ha discutido como no una vulnerabilidad porque "rhashtable_init () solo puede fallar si se pasan valores no válidos en la estructura del segundo parámetro, pero cuando se invoca desde sdma_init () es un puntero a una estructura de const estática, por lo que un atacante "solo podría provocar una fallo si pudieran dañar la memoria del núcleo (en cuyo caso una pequeña pérdida de memoria no es un problema importante)". A flaw was found in the Linux kernel. The Intel OPA Gen1 driver mishandles resource cleanup. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://github.com/torvalds/linux/commit/34b3be18a04ecdc610aae4c48e5d1b799d8689f6 https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4208-1 https://usn.ubuntu.com/4210-1 https://usn.ubuntu.com/4226-1 https://access.redhat.com/security/cve/CVE-2019-19065 https://bugzilla.redhat.com/show_bug.cgi?id=1775000 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19064
https://notcve.org/view.php?id=CVE-2019-19064
A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control these failures at probe time Una pérdida de memoria en la función fsl_lpspi_probe() en el archivo drivers/spi/spi-fsl-lpspi.c en el kernel de Linux versiones hasta 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos en la función pm_runtime_get_sync(), también se conoce como CID -057b8945f78f. • https://bugzilla.suse.com/show_bug.cgi?id=1157300 https://github.com/torvalds/linux/commit/057b8945f78f76d0b04eeb5c27cd9225e5e7ad86 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://usn.ubuntu.com/4300-1 • CWE-401: Missing Release of Memory after Effective Lifetime •