CVE-2019-18809

Опубликовано: 07 нояб. 2019

Источник: nvd

CVSS3: 4.6

CVSS2: 4.9

EPSS Низкий

Описание

A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
Third Party Advisory
https://github.com/torvalds/linux/commit/2289adbfa559050d2a38bcd9caac1c18b800e928
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/
https://security.netapp.com/advisory/ntap-20191205-0001/
Third Party Advisory
https://usn.ubuntu.com/4285-1/
Third Party Advisory
https://usn.ubuntu.com/4287-1/
Third Party Advisory
https://usn.ubuntu.com/4287-2/
Third Party Advisory
https://usn.ubuntu.com/4300-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
Third Party Advisory
https://github.com/torvalds/linux/commit/2289adbfa559050d2a38bcd9caac1c18b800e928
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/
https://security.netapp.com/advisory/ntap-20191205-0001/
Third Party Advisory
https://usn.ubuntu.com/4285-1/
Third Party Advisory
https://usn.ubuntu.com/4287-1/
Third Party Advisory
https://usn.ubuntu.com/4287-2/
Third Party Advisory
https://usn.ubuntu.com/4300-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.3.9 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00091

Низкий

4.6 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-401

Связанные уязвимости

CVE-2019-18809

CVSS3: 4.6

ubuntu

больше 5 лет назад

CVE-2019-18809

CVSS3: 4.6

redhat

больше 5 лет назад

CVE-2019-18809

CVSS3: 4.6

debian

больше 5 лет назад

A memory leak in the af9005_identify_state() function in drivers/media ...

GHSA-3r38-cfr7-4765

github

около 3 лет назад

BDU:2019-04510

CVSS3: 4.6

fstec

больше 5 лет назад

Уязвимость функции af9005_identify_state() (drivers/media/usb/dvb-usb/af9005.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 27%

0.00091

Низкий

4.6 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-401