CVE-2019-19055

Опубликовано: 18 нояб. 2019

Источник: nvd

CVSS3: 5.5

CVSS2: 4.9

EPSS Низкий

Описание

A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred

Ссылки

https://bugzilla.suse.com/show_bug.cgi?id=1157319
Issue Tracking
Third Party Advisory
https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
https://usn.ubuntu.com/4225-1/
Third Party Advisory
https://usn.ubuntu.com/4225-2/
Third Party Advisory
https://usn.ubuntu.com/4226-1/
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1157319
Issue Tracking
Third Party Advisory
https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
https://usn.ubuntu.com/4225-1/
Third Party Advisory
https://usn.ubuntu.com/4225-2/
Third Party Advisory
https://usn.ubuntu.com/4226-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.3.11 (включая)

EPSS

Процентиль: 28%

0.00097

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-401

Связанные уязвимости

CVE-2019-19055

CVSS3: 5.5

ubuntu

больше 5 лет назад

** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred.

CVE-2019-19055

CVSS3: 5.5

redhat

больше 5 лет назад

CVE-2019-19055

CVSS3: 5.5

debian

больше 5 лет назад

A memory leak in the nl80211_get_ftm_responder_stats() function in net ...

GHSA-qrpx-wvjr-v7ch

CVSS3: 5.5

github

около 3 лет назад

BDU:2019-04664

CVSS3: 5.5

fstec

больше 5 лет назад

Уязвимость функции nl80211_get_ftm_responder_stats() (net/wireless/nl80211.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 28%

0.00097

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-401