Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-20096

Опубликовано: 30 дек. 2019
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

A flaw was found in the Linux kernel’s implementation of the Datagram Congestion Control Protocol (DCCP). A local attacker with access to the system can create DCCP sockets to cause a memory leak and repeat this operation to exhaust all memory and panic the system.

Меры по смягчению последствий

As the DCCP module will be auto-loaded when required, its use can be disabled. Red Hat Enterprise Linux 7.5 (and later) and 8.0 (and later) already have this disabled, but for any other version, the system can prevent the module from loading with the following instructions :

echo "install dccp /bin/true" >> /etc/modprobe.d/disable-dccp.conf

The system will need to be restarted if the DCCP modules are loaded. In most circumstances, the DCCP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelFix deferred
Red Hat Enterprise Linux 7kernelFix deferred
Red Hat Enterprise Linux 7kernel-altFix deferred
Red Hat Enterprise Linux 7kernel-rtFix deferred
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-772
https://bugzilla.redhat.com/show_bug.cgi?id=1791959kernel: memory leak in __feat_register_sp() in net/dccp/feat.c

EPSS

Процентиль: 23%
0.00075
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-20096

CVSS3: 5.5
ubuntu
больше 5 лет назад

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

nvd логотип

CVE-2019-20096

CVSS3: 5.5
nvd
больше 5 лет назад

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

debian логотип

CVE-2019-20096

CVSS3: 5.5
debian
больше 5 лет назад

In the Linux kernel before 5.1, there is a memory leak in __feat_regis ...

github логотип

GHSA-m85g-mhqp-wcwm

CVSS3: 5.5
github
около 3 лет назад

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

fstec логотип

BDU:2020-00358

CVSS3: 5.5
fstec
около 6 лет назад

Уязвимость функции __feat_register_sp() ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 23%
0.00075
Низкий

5.5 Medium

CVSS3