Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19055

Опубликовано: 05 окт. 2019
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred

A flaw was found in the Linux kernel. The Wireless configuration API functionality mishandles resource cleanup in nl80211_get_ftm_responder_stats function. An attacker able to trigger the resource cleanup code path could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.

Отчет

This issue is rated as having Moderate impact because of the preconditions needed to trigger the resource cleanup code path.

Меры по смягчению последствий

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module cfg80211. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelOut of support scope
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise MRG 2kernel-rtOut of support scope
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2020:406229.09.2020
Red Hat Enterprise Linux 7kernelFixedRHSA-2020:406029.09.2020
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2020:156728.04.2020
Red Hat Enterprise Linux 8kernelFixedRHSA-2020:176928.04.2020

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1775074kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS

EPSS

Процентиль: 28%
0.00097
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVSS3: 5.5
ubuntu
больше 5 лет назад

** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred.

CVSS3: 5.5
nvd
больше 5 лет назад

A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred

CVSS3: 5.5
debian
больше 5 лет назад

A memory leak in the nl80211_get_ftm_responder_stats() function in net ...

CVSS3: 5.5
github
около 3 лет назад

A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929.

CVSS3: 5.5
fstec
больше 5 лет назад

Уязвимость функции nl80211_get_ftm_responder_stats() (net/wireless/nl80211.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 28%
0.00097
Низкий

5.5 Medium

CVSS3