CVE-2019-19073 – kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)
https://notcve.org/view.php?id=CVE-2019-19073
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. Pérdidas de memoria en el archivo drivers/net/wireless/ath/ath9k/htc_hst.c en el kernel de Linux versiones hasta la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función wait_for_completion_timeout(). Esto afecta la función htc_config_pipe_credits(), la función htc_setup_complete() y la función htc_connect_service(), también se conoce como CID-853acf7caf10. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://github.com/torvalds/linux/commit/853acf7caf10b828102d92d05b5c101666a6142b https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-19072 – kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS
https://notcve.org/view.php?id=CVE-2019-19072
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6. Una pérdida de memoria en la función predicate_parse() en el archivo kernel/trace/trace_events_filter.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-96c5c6e6a5b6. A flaw was found in the way the predicate_parse function in the tracing subsystem of the Linux kernel handled resource cleanup on error. This flaw allows an attacker with the ability to produce the error to crash the system. • https://github.com/torvalds/linux/commit/96c5c6e6a5b6db592acae039fed54b5c8844cd35 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4225-1 https://usn.ubuntu.com/4225-2 https://usn.ubuntu.com/4226-1 https://access.redhat.com/security/cve/CVE-201 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-19071
https://notcve.org/view.php?id=CVE-2019-19071
A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c. Una pérdida de memoria en la función rsi_send_beacon() en el archivo drivers/net/wireless/rsi/rsi_91x_mgmt.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función rsi_prepare_beacon(), también se conoce como CID -d563131ef23c. • https://github.com/torvalds/linux/commit/d563131ef23cbc756026f839a82598c8445bc45f https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4258-1 https://usn.ubuntu.com/4284-1 https://usn.ubuntu.com/4287-1 https://usn.ubuntu.com/4287-2 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-19070
https://notcve.org/view.php?id=CVE-2019-19070
A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began ** EN DISPUTA ** Una pérdida de memoria en la función spi_gpio_probe() en el archivo drivers/spi/spi-gpio.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función devm_add_action_or_reset(), también se conoce como CID-d3b0ffa1d75d. NOTA: Las partes cuestionan la relevancia de esto porque el sistema ya debe haberse quedado sin memoria antes de que comenzara la sonda. • https://bugzilla.suse.com/show_bug.cgi?id=1157294 https://github.com/torvalds/linux/commit/d3b0ffa1d75d5305ebe34735598993afbb8a869d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-19069
https://notcve.org/view.php?id=CVE-2019-19069
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99. Una pérdida de memoria en la función fastrpc_dma_buf_attach() en el archivo drivers/misc/fastrpc.c en el kernel de Linux versiones anteriores a la versión 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función dma_get_sgtable(), también se conoce como CID-fc739a058d99. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4208-1 • CWE-401: Missing Release of Memory after Effective Lifetime •