CVE-2019-19053

Ubuntu Security Notice USN-4300-1

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.

Una pérdida de memoria en la función rpmsg_eptdev_write_iter() en el archivo drivers/rpmsg/rpmsg_char.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función copy_from_iter_full(), también se conoce como CID-bbe692e349e2.

It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested guest access the resources of a parent guest in certain situations. An attacker could use this to expose sensitive information. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-11-18 CVE Reserved
2019-11-18 CVE Published
2024-08-05 CVE Updated
2025-04-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (4)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20191205-0001	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51	2023-01-19

URL	Date	SRC
https://usn.ubuntu.com/4300-1	2023-01-19
https://usn.ubuntu.com/4301-1	2023-01-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netapp Search vendor "Netapp"	Solidfire Baseboard Management Controller Firmware Search vendor "Netapp" for product "Solidfire Baseboard Management Controller Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Solidfire Baseboard Management Controller Search vendor "Netapp" for product "Solidfire Baseboard Management Controller"	-	-	Safe
Netapp Search vendor "Netapp"	Hci Compute Node Firmware Search vendor "Netapp" for product "Hci Compute Node Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Hci Compute Node Search vendor "Netapp" for product "Hci Compute Node"	-	-	Safe
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.4.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.12"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vmware_vsphere		Affected
Netapp Search vendor "Netapp"		Aff Baseboard Management Controller Search vendor "Netapp" for product "Aff Baseboard Management Controller"				-		-		Affected
Netapp Search vendor "Netapp"		Cloud Backup Search vendor "Netapp" for product "Cloud Backup"				-		-		Affected
Netapp Search vendor "Netapp"		Data Availability Services Search vendor "Netapp" for product "Data Availability Services"				-		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.0 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.0"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.0.0 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.0.0"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.20 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.20"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.25 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.25"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.30 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.30"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.30.5r3 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.30.5r3"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.40 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.40"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.40.3r2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.40.3r2"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.40.5 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.40.5"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.50.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.50.1"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.50.2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.50.2"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.50.2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.50.2"		p1		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.60 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.60.0 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60.0"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.60.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60.1"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.60.3 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60.3"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.70.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.70.1"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.70.2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.70.2"		-		Affected
Netapp Search vendor "Netapp"		Fas\/aff Baseboard Management Controller Search vendor "Netapp" for product "Fas\/aff Baseboard Management Controller"				-		-		Affected
Netapp Search vendor "Netapp"		Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller"				h610s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h610s"		-		Affected
Netapp Search vendor "Netapp"		Solidfire\, Enterprise Sds \& Hci Storage Node Search vendor "Netapp" for product "Solidfire\, Enterprise Sds \& Hci Storage Node"				-		-		Affected
Netapp Search vendor "Netapp"		Solidfire \& Hci Management Node Search vendor "Netapp" for product "Solidfire \& Hci Management Node"				-		-		Affected
Netapp Search vendor "Netapp"		Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage"				-		-		Affected
Broadcom Search vendor "Broadcom"		Brocade Fabric Operating System Firmware Search vendor "Broadcom" for product "Brocade Fabric Operating System Firmware"				-		-		Affected