CVE-2019-8980
kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
Una fuga de memoria en la función kernel_read_file en fs/exec.c en el kernel de Linux, hasta la versión 4.20.11, permite que los atacantes provoquen una denegación de servicio (consumo de memoria) desencadenando errores en vfs_read.
A kernel memory leak was found in the kernel_read_file() function in the fs/exec.c file in the Linux kernel. An attacker could use this flaw to cause a memory leak and thus a denial of service (DoS).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-02-20 CVE Reserved
- 2019-02-21 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/107120 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html | Mailing List |
|
| https://support.f5.com/csp/article/K56480726 | Third Party Advisory | |
| https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935698.html | X_refsource_misc | |
| https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1935705.html | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html | 2023-11-07 | |
| https://usn.ubuntu.com/3930-1 | 2023-11-07 | |
| https://usn.ubuntu.com/3930-2 | 2023-11-07 | |
| https://usn.ubuntu.com/3931-1 | 2023-11-07 | |
| https://usn.ubuntu.com/3931-2 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2019-8980 | 2020-04-28 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1679972 | 2020-04-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.7 < 4.9.163 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 4.9.163" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.14 < 4.14.106 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 4.14.106" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.19 < 4.19.28 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 4.19.28" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 4.20.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 4.20.15" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.0 < 5.0.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.0 < 5.0.1" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.1 Search vendor "Linux" for product "Linux Kernel" and version "5.1" | rc1 |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||