CVE-2019-19060
Ubuntu Security Notice USN-4364-1
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.
Una pérdida de memoria en la función adis_update_scan_mode_burst() en el archivo drivers/iio/imu/adis_buffer.c en el kernel de Linux versiones anteriores a la versión 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-9c0530e898f3.
Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-11-18 CVE Reserved
- 2019-11-18 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20191205-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0 | 2023-01-19 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html | 2023-01-19 | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | 2023-01-19 | |
| https://usn.ubuntu.com/4208-1 | 2023-01-19 | |
| https://usn.ubuntu.com/4210-1 | 2023-01-19 | |
| https://usn.ubuntu.com/4226-1 | 2023-01-19 | |
| https://usn.ubuntu.com/4364-1 | 2023-01-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | Hci Compute Node Firmware Search vendor "Netapp" for product "Hci Compute Node Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Hci Compute Node Search vendor "Netapp" for product "Hci Compute Node" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Solidfire Baseboard Management Controller Firmware Search vendor "Netapp" for product "Solidfire Baseboard Management Controller Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Solidfire Baseboard Management Controller Search vendor "Netapp" for product "Solidfire Baseboard Management Controller" | - | - |
Safe
|
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 4.4.262 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 4.4.262" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.262 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.262" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.226 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.226" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.19.82 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.82" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 5.3.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.3.9" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Aff Baseboard Management Controller Search vendor "Netapp" for product "Aff Baseboard Management Controller" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Availability Services Search vendor "Netapp" for product "Data Availability Services" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.0 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.0.0 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.0.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.20 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.20" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.25 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.25" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.30 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.30" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.30.5r3 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.30.5r3" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.40 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.40" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.40.3r2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.40.3r2" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.40.5 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.40.5" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.50.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.50.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.50.2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.50.2" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.50.2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.50.2" | p1 |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.60 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.60.0 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.60.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.60.3 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60.3" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.70.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.70.1" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller" | 11.70.2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.70.2" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Fas\/aff Baseboard Management Controller Search vendor "Netapp" for product "Fas\/aff Baseboard Management Controller" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h610s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h610s" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire\, Enterprise Sds \& Hci Storage Node Search vendor "Netapp" for product "Solidfire\, Enterprise Sds \& Hci Storage Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire \& Hci Management Node Search vendor "Netapp" for product "Solidfire \& Hci Management Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Brocade Fabric Operating System Firmware Search vendor "Broadcom" for product "Brocade Fabric Operating System Firmware" | - | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||