Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19063

Опубликовано: 21 нояб. 2019
Источник: redhat
CVSS3: 4.6

Описание

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.

A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.

Отчет

This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (physical access).

Меры по смягчению последствий

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8192cu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelOut of support scope
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernel-altFix deferred
Red Hat Enterprise MRG 2kernel-rtOut of support scope
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2020:406229.09.2020
Red Hat Enterprise Linux 7kernelFixedRHSA-2020:406029.09.2020
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2020:460904.11.2020
Red Hat Enterprise Linux 8kernelFixedRHSA-2020:443104.11.2020

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1775015kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS

4.6 Medium

CVSS3

Связанные уязвимости

CVSS3: 4.6
ubuntu
больше 5 лет назад

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.

CVSS3: 4.6
nvd
больше 5 лет назад

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.

CVSS3: 4.6
debian
больше 5 лет назад

Two memory leaks in the rtl_usb_probe() function in drivers/net/wirele ...

CVSS3: 4.6
github
около 3 лет назад

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.

CVSS3: 4.6
fstec
почти 6 лет назад

Уязвимость функции rtl_usb_probe() (drivers/net/wireless/realtek/rtlwifi/usb.c ) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

4.6 Medium

CVSS3