CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19081
https://notcve.org/view.php?id=CVE-2019-19081
A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a. Una pérdida de memoria en la función nfp_flower_spawn_vnic_reprs() en el archivo drivers/net/ethernet/netronome/nfp/flower/main.c en el kernel de Linux versiones anteriores a la versión 5.3.4, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-8ce39eb5a67a. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 https://github.com/torvalds/linux/commit/8ce39eb5a67aee25d9f05b40b673c95b23502e3e https://security.netapp.com/advisory/ntap-20191205-0001 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2019-19068 – kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS
https://notcve.org/view.php?id=CVE-2019-19068
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. Una pérdida de memoria en la función rtl8xxxu_submit_int_urb() en el archivo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función usb_submit_urb(), también se conoce como CID-a2cdd07488e6. A flaw was found in the Linux kernel. A memory leak in the realtek driver allows an attacker to cause a denial of service through memory consumption. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://github.com/torvalds/linux/commit/a2cdd07488e666aa93a49a3fc9c9b1299e27ef3c https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://security.netapp.com/advisory/ntap-20191205-0001 https://usn • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2019-19066
https://notcve.org/view.php?id=CVE-2019-19066
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. Una pérdida de memoria en la función bfad_im_get_stats() en el archivo drivers/scsi/bfa/bfad_attr.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función de bfa_port_get_stats(), también se conoce como CID-0e62395da2bd. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2019-19062 – kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS
https://notcve.org/view.php?id=CVE-2019-19062
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. Una pérdida de memoria en la función crypto_report() en el archivo crypto/crypto_user_base.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función crypto_report_alg(), también se conoce como CID-ffdde5932042. A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://github.com/torvalds/linux/commit/ffdde5932042600c6807d46c1550b28b0db6a3bc https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https:// • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2019-14818 – dpdk: possible memory leak leads to denial of service
https://notcve.org/view.php?id=CVE-2019-14818
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. Se encontró un fallo en todas las versiones de dpdk 17.xx anteriores a 17.11.8, versiones 16.xx anteriores a 16.11.10, versiones 18.xx anteriores a 18.11.4 y versiones 19.xx anteriores a 19.08.1, donde un maestro malicioso o un contenedor con acceso al socket vhost_user, puede enviar mensajes de VRING_SET_NUM especialmente diseñados, resultando en una pérdida de memoria incluyendo descriptores de archivo. Este fallo podría conllevar a una condición de denegación de servicio. A flaw was found in dpdk where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. • https://access.redhat.com/errata/RHSA-2020:0165 https://access.redhat.com/errata/RHSA-2020:0166 https://access.redhat.com/errata/RHSA-2020:0168 https://access.redhat.com/errata/RHSA-2020:0171 https://access.redhat.com/errata/RHSA-2020:0172 https://bugs.dpdk.org/show_bug.cgi?id=363 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP https://access.redhat& • CWE-401: Missing Release of Memory after Effective Lifetime •