← Back

CVE-2019-19054

nvd nist
Published: Nov 18, 2019Modified: Nov 21, 2024

JSON object

Loading...
4.7
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 / Impact: 3.6
Source: NVD

Description

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.

Affected (38)

Show all products
Linux: Linux Kernel · Canonical: Ubuntu Linux · Fedoraproject: Fedora · Opensuse: Leap · Broadcom: Brocade Fabric Operating System Firmware · Netapp: Active Iq Unified Manager, Aff Baseboard Management Controller, Cloud Backup, Data Availability Services, E Series Santricity Os Controller, Fas/aff Baseboard Management Controller, Hci Baseboard Management Controller, Solidfire, Enterprise Sds & Hci Storage Node, Solidfire & Hci Management Node, Steelstore Cloud Integrated Storage, Hci Compute Node Firmware, Solidfire Baseboard Management Controller Firmware
Linux
1 product
Linux Kernel
Canonical
1 product
Ubuntu Linux
Fedoraproject
1 product
Fedora
Opensuse
1 product
Leap
Broadcom
1 product
Brocade Fabric Operating System Firmware
Netapp
12 products
Active Iq Unified Manager
Aff Baseboard Management Controller
Cloud Backup
Data Availability Services
E Series Santricity Os Controller
Fas/aff Baseboard Management Controller
Hci Baseboard Management Controller
Solidfire, Enterprise Sds & Hci Storage Node
Solidfire & Hci Management Node
Steelstore Cloud Integrated Storage
Hci Compute Node Firmware
Solidfire Baseboard Management Controller Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Linux Kernel
Up to 5.3.11
Configuration B
7 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 20.04
Fedoraproject
Fedora
Version 30
Fedora
Version 31
Leap
Version 15.1
Configuration C
28 vulnerable
Vulnerable SoftwareAffected Versions
Brocade Fabric Operating System Firmware
All versions
Active Iq Unified Manager
All versions
Aff Baseboard Management Controller
All versions
Cloud Backup
All versions
Data Availability Services
All versions
Netapp
E Series Santricity Os Controller
Version 11.0.0
E Series Santricity Os Controller
Version 11.0
E Series Santricity Os Controller
Version 11.20
E Series Santricity Os Controller
Version 11.25
E Series Santricity Os Controller
Version 11.30.5r3
E Series Santricity Os Controller
Version 11.30
E Series Santricity Os Controller
Version 11.40.3r2
E Series Santricity Os Controller
Version 11.40.5
E Series Santricity Os Controller
Version 11.40
E Series Santricity Os Controller
Version 11.50.1
E Series Santricity Os Controller
Version 11.50.2
E Series Santricity Os Controller
Version 11.50.2 p1
E Series Santricity Os Controller
Version 11.60.0
E Series Santricity Os Controller
Version 11.60.1
E Series Santricity Os Controller
Version 11.60.3
E Series Santricity Os Controller
Version 11.60
E Series Santricity Os Controller
Version 11.70.1
E Series Santricity Os Controller
Version 11.70.2
Fas/aff Baseboard Management Controller
All versions
Hci Baseboard Management Controller
Version h610s
Solidfire, Enterprise Sds & Hci Storage Node
All versions
Solidfire & Hci Management Node
All versions
Steelstore Cloud Integrated Storage
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hci Compute Node Firmware
All versions
Running on/withPlatform Versions
Netapp
Hci Compute Node
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Solidfire Baseboard Management Controller Firmware
All versions
Running on/withPlatform Versions
Netapp
Solidfire Baseboard Management Controller
All versions

Related CWEs

CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (16)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.