CVE-2019-19073

Published: Nov 18, 2019Modified: Nov 21, 2024

4.0

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 2.5 / Impact: 1.4

Source: NVD

Description

Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10.

Affected (4)

Products: Linux: Linux Kernel · Fedoraproject: Fedora · Opensuse: Leap

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 5.3.11

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31
Opensuse Leap	Version 15.1

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (20)

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Source: cve@mitre.org

Third Party Advisory

https://github.com/torvalds/linux/commit/853acf7caf10b828102d92d05b5c101666a6142b

Source: cve@mitre.org

PatchRelease Notes

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20191205-0001/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4526-1/

Source: cve@mitre.org

https://usn.ubuntu.com/4527-1/

Source: cve@mitre.org

https://www.oracle.com/security-alerts/cpuApr2021.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/torvalds/linux/commit/853acf7caf10b828102d92d05b5c101666a6142b

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease Notes

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20191205-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4526-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4527-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.oracle.com/security-alerts/cpuApr2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.