Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19068

Опубликовано: 21 нояб. 2019
Источник: redhat
CVSS3: 4.6
EPSS Низкий

Описание

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.

A flaw was found in the Linux kernel. A memory leak in the realtek driver allows an attacker to cause a denial of service through memory consumption. The highest threat from this vulnerability is to system availability.

Отчет

This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (physical access and/or system-wide out-of-memory condition).

Меры по смягчению последствий

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8xxxu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altFix deferred
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2020:460904.11.2020
Red Hat Enterprise Linux 8kernelFixedRHSA-2020:443104.11.2020

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1774963kernel: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allows for a DoS

EPSS

Процентиль: 27%
0.00094
Низкий

4.6 Medium

CVSS3

Связанные уязвимости

CVSS3: 4.6
ubuntu
больше 5 лет назад

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.

CVSS3: 4.6
nvd
больше 5 лет назад

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.

CVSS3: 4.6
debian
больше 5 лет назад

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net ...

github
около 3 лет назад

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.

CVSS3: 4.6
fstec
почти 6 лет назад

Уязвимость функции rtl8xxxu_submit_int_urb() (drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 27%
0.00094
Низкий

4.6 Medium

CVSS3