CVE-2019-19047

Опубликовано: 18 нояб. 2019

Источник: redhat

CVSS3: 5.5

Описание

A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures, aka CID-c7ed6d0183d5.

A flaw was found in the way the Mellanox 5th generation network adapters (ConnectX series) core driver in the Linux kernel handled resource cleanup in the mlx5_fw_fatal_reporter_dump function. This flaw allows an attacker with the ability to trigger errors in the mlx5_crdump_collect function to crash the system.

Отчет

This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path.

Меры по смягчению последствий

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module mlx5_core. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Out of support scope
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel	Out of support scope
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2020:1567	28.04.2020
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2020:1769	28.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1774991kernel: dos in mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c

5.5 Medium

CVSS3