CVE-2019-15807
kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
Descriptions
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.
In Linux kernel versions prior to 5.1.13, there is a memory leak in the drivers/scsi/libsas/sas_expander.c library when the SAS expander is not detected. This will cause a BUG and a denial of service.
A memory leak flaw was found in the Linux kernel. An error in the resource cleanup of the sas_ex_discover_expander function can allow an attacker to induce error conditions that could crash the system. The highest threat from this vulnerability is to system availability.
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, information leakage, memory leak, null pointer, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Timeline
- 2019-08-29 CVE Reserved
- 2019-08-29 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-401: Missing Release of Memory after Effective Lifetime
References (9)
URL | Tag | Source |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13 | Release Notes | |
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20191004-0001 | Third Party Advisory | |
https://support.f5.com/csp/article/K52136304?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0541791453fbe7f42867e310e0c9eb6295364d | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2019-15807 | 2020-09-29 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1747216 | 2020-09-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | < 5.1.13 | - | Affected |
Debian | Debian Linux | 8.0 | - | Affected |
Redhat | Enterprise Linux | 7.0 | - | Affected |
Redhat | Enterprise Linux | 8.0 | - | Affected |