Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-18806

Опубликовано: 07 окт. 2019
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.

A flaw was found in the way the QLogic QLA3xxx NIC HBA Driver in the Linux kernel handled resource cleanup on a DMA mapping error. This flaw allows an attacker able to trigger the DMA mapping error to crash the system.

Отчет

This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (DMA mapping error).

Меры по смягчению последствий

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module qla3xxx. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelOut of support scope
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelFix deferred
Red Hat Enterprise Linux 7kernel-altFix deferred
Red Hat Enterprise Linux 7kernel-rtFix deferred
Red Hat Enterprise Linux 8kernelFix deferred
Red Hat Enterprise Linux 8kernel-rtFix deferred
Red Hat Enterprise MRG 2kernelOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1777397kernel: memory leak in ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c

EPSS

Процентиль: 32%
0.00119
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-18806

CVSS3: 5.5
ubuntu
больше 5 лет назад

A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.

nvd логотип

CVE-2019-18806

CVSS3: 5.5
nvd
больше 5 лет назад

A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.

debian логотип

CVE-2019-18806

CVSS3: 5.5
debian
больше 5 лет назад

A memory leak in the ql_alloc_large_buffers() function in drivers/net/ ...

github логотип

GHSA-9m44-5m43-4rmj

github
около 3 лет назад

A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.

oracle-oval логотип

ELSA-2020-5645

oracle-oval
около 5 лет назад

ELSA-2020-5645: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 32%
0.00119
Низкий

5.5 Medium

CVSS3