Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-19081

Опубликовано: 25 сент. 2019
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.

A flaw was found in the way the NFP4000/NFP6000 TC Flower offload functionality in the Linux kernel handled memory cleanup on failures. This flaw allows an attacker to cause a denial of service and crash the system.

Отчет

This issue is rated as having Low impact because of the low memory conditions needed to trigger this issue.

Меры по смягчению последствий

To mitigate this issue, prevent module nfp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelFix deferred
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtFix deferred
Red Hat Enterprise Linux 8kernelFix deferred
Red Hat Enterprise Linux 8kernel-rtFix deferred
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Дополнительная информация

Статус:

Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1776375kernel: memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c leads to DoS

EPSS

Процентиль: 78%
0.01243
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

CVSS3: 5.9
ubuntu
больше 5 лет назад

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.

CVSS3: 5.9
nvd
больше 5 лет назад

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.

CVSS3: 5.9
debian
больше 5 лет назад

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers ...

github
около 3 лет назад

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.

CVSS3: 5.9
fstec
почти 6 лет назад

Уязвимость функции nfp_flower_spawn_vnic_reprs() (drivers/net/ethernet/netronome/nfp/flower/main.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 78%
0.01243
Низкий

5.9 Medium

CVSS3