CVE-2019-16994
kernel: Memory leak in sit_init_net() in net/ipv6/sit.c
Severity Score
Exploit Likelihood
Affected Versions
3Public Exploits
1Exploited in Wild
-Decision
Descriptions
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
En el kernel de Linux versiones anteriores a 5.0, se presenta una pérdida de memoria en la función sit_init_net() en el archivo net/ipv6/sit.c cuando la función register_netdev() no puede registrar sitn-)fb_tunnel_dev, lo que puede causar una denegación de servicio, también se conoce como CID-07f12b26e21a.
A flaw was found in the way the sit_init_net function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system.
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, bypass, denial of service, information leakage, memory leak, null pointer, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-09-30 CVE Reserved
- 2019-09-30 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-... | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-... | 2021-07-21 | |
| https://access.redhat.com/security/cve/CVE-2019-16994 | 2020-09-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1759681 | 2020-09-29 |