CVE-2019-19070

Опубликовано: 18 нояб. 2019

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS2: 7.8

CVSS3: 7.5

Описание

A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began

Релиз	Статус	Примечание
bionic	not-affected	4.13.0-16.19
devel	not-affected	5.4.0-9.12
disco	not-affected	4.18.0-10.11
eoan	not-affected	5.0.0-13.14
esm-infra-legacy/trusty	ignored	was needs-triage ESM criteria
esm-infra/bionic	not-affected	4.13.0-16.19
esm-infra/xenial	not-affected	4.2.0-16.19
precise/esm	ignored	end of life, was needs-triage
trusty	ignored	end of standard support
trusty/esm	ignored	end of ESM support, was ignored [was needs-triage ESM criteria]

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	4.15.0-1001.1
devel	not-affected	5.4.0-1005.5
disco	not-affected	4.18.0-1002.3
eoan	not-affected	5.0.0-1004.4
esm-infra-legacy/trusty	ignored	was needs-triage ESM criteria
esm-infra/bionic	not-affected	4.15.0-1001.1
esm-infra/xenial	not-affected	4.4.0-1001.10
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	ignored	end of ESM support, was ignored [was needs-triage ESM criteria]

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	5.0.0-1021.24~18.04.1
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	5.0.0-1021.24~18.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/xenial	not-affected	4.15.0-1030.31~16.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	4.15.0-1002.2
devel	not-affected	5.4.0-1006.6
disco	not-affected	4.18.0-1003.3
eoan	not-affected	5.0.0-1004.4
esm-infra-legacy/trusty	ignored	was needs-triage ESM criteria
esm-infra/bionic	not-affected	4.15.0-1002.2
esm-infra/xenial	not-affected	4.11.0-1009.9
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	ignored	end of ESM support, was ignored [was needs-triage ESM criteria]

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	5.3.0-1007.8~18.04.1
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	5.3.0-1007.8~18.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	ignored	superseded by linux-azure-5.3, was needs-triage
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	4.15.0-1001.1
devel	not-affected	5.4.0-1005.5
disco	not-affected	4.18.0-1002.3
eoan	not-affected	5.0.0-1004.4
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	4.15.0-1001.1
esm-infra/xenial	not-affected	4.10.0-1004.4
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	5.3.0-1008.9~18.04.1
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	5.3.0-1008.9~18.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	ignored	end of kernel support, was needs-triage
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	4.15.0-1030.32
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	4.15.0-1030.32
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	5.0.0-1011.11~18.04.1
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2
xenial	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	5.3.0-1011.12~18.04.1
devel	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2
xenial	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	4.18.0-13.14~18.04.1
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	4.18.0-13.14~18.04.1
esm-infra/xenial	not-affected	4.8.0-36.36~16.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	5.0.0-15.16~18.04.1
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	5.0.0-15.16~18.04.1
esm-infra/xenial	ignored	superseded by linux-hwe, was needs-triage
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	4.15.0-1002.2
devel	not-affected	5.4.0-1004.4
disco	not-affected	4.18.0-1003.3
eoan	not-affected	5.0.0-1004.4
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	4.15.0-1002.2
esm-infra/xenial	not-affected	4.4.0-1004.9
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
precise/esm	ignored	end of life, was needs-triage
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2
xenial	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	ignored	was needs-triage ESM criteria
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	ignored	end of ESM support, was ignored [was needs-triage ESM criteria]
upstream	released	2.6.12~rc2
xenial	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	4.15.0-1002.3
devel	DNE
disco	not-affected	4.15.0-1021.24
eoan	not-affected	4.15.0-1035.40
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	4.15.0-1002.3
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	not-affected	5.4.0-1002.4
eoan	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2
xenial	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	5.0.0-1010.11
devel	DNE
disco	not-affected	5.0.0-1010.11
eoan	not-affected	5.0.0-1010.11
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2
xenial	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	4.15.0-1007.9
devel	not-affected	5.4.0-1005.5
disco	not-affected	4.15.0-1007.9
eoan	not-affected	4.15.0-1011.13
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	4.15.0-1007.9
esm-infra/xenial	not-affected	4.15.0-1007.9~16.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	5.0.0-1007.12~18.04.1
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	5.0.0-1007.12~18.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	4.13.0-1005.5
devel	not-affected	5.4.0-1004.4
disco	not-affected	4.18.0-1005.7
eoan	not-affected	5.0.0-1006.6
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2
xenial	not-affected	4.2.0-1013.19

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	5.3.0-1017.19~18.04.1
devel	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2
xenial	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	4.4.0-1077.82
devel	DNE
disco	not-affected	5.0.0-1010.10
eoan	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	2.6.12~rc2
xenial	not-affected	4.4.0-1012.12

Показывать по

Ссылки на источники

EPSS

Процентиль: 71%

0.00678

Низкий

7.8 High

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-19070

CVSS3: 7.5

redhat

около 6 лет назад

CVE-2019-19070

CVSS3: 7.5

nvd

около 6 лет назад

CVE-2019-19070

CVSS3: 7.5

debian

около 6 лет назад

A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio ...

GHSA-f888-6ph8-hvgc

CVSS3: 7.5

github

больше 3 лет назад

BDU:2019-04804

CVSS3: 7.5

fstec

больше 6 лет назад

Уязвимость функции spi_gpio_probe() (drivers/spi/spi-gpio.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 71%

0.00678

Низкий

7.8 High

CVSS2

7.5 High

CVSS3

CVE-2019-19070

Описание

Пакет linux

Пакет linux-aws

Пакет linux-aws-5.0

Пакет linux-aws-hwe

Пакет linux-azure

Пакет linux-azure-5.3

Пакет linux-azure-edge

Пакет linux-gcp

Пакет linux-gcp-5.3

Пакет linux-gcp-edge

Пакет linux-gke-4.15

Пакет linux-gke-5.0

Пакет linux-gke-5.3

Пакет linux-hwe

Пакет linux-hwe-edge

Пакет linux-kvm

Пакет linux-lts-trusty

Пакет linux-lts-xenial

Пакет linux-oem

Пакет linux-oem-5.4

Пакет linux-oem-osp1

Пакет linux-oracle

Пакет linux-oracle-5.0

Пакет linux-raspi2

Пакет linux-raspi2-5.3

Пакет linux-snapdragon

Ссылки на источники

Связанные уязвимости