Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19080

Опубликовано: 25 сент. 2019
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.

A flaw was found in the way the NFP4000/NFP6000 TC Flower offload functionality in the Linux kernel handled memory cleanup on failures. This flaw allows an attacker to cause a denial of service and crash the system.

Отчет

This issue is rated as having Low impact because of the low memory conditions needed to trigger this issue.

Меры по смягчению последствий

To mitigate this issue, prevent module nfp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelFix deferred
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtFix deferred
Red Hat Enterprise Linux 8kernelFix deferred
Red Hat Enterprise Linux 8kernel-rtFix deferred
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1776372kernel: memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c leads to DoS

EPSS

Процентиль: 79%
0.01243
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-19080

CVSS3: 5.9
ubuntu
около 6 лет назад

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.

nvd логотип

CVE-2019-19080

CVSS3: 5.9
nvd
около 6 лет назад

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.

debian логотип

CVE-2019-19080

CVSS3: 5.9
debian
около 6 лет назад

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in driv ...

github логотип

GHSA-9hfg-7492-qqv8

github
больше 3 лет назад

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.

fstec логотип

BDU:2020-00121

CVSS3: 5.9
fstec
больше 6 лет назад

Уязвимость функции nfp_flower_spawn_phy_reprs() (drivers/net/ethernet/netronome/nfp/flower/main.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 79%
0.01243
Низкий

5.9 Medium

CVSS3