PT-2019-4206 · Linux+5 · Linux Kernel+5

Publicado

2019-10-02

·

Atualizado

2024-08-05

·

CVE-2019-19067

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.3.8
Description The issue is related to four memory leaks in the acp hw init() function in the Linux kernel, which can cause a denial of service due to memory consumption. This can be triggered by failures in mfd add hotplug devices() or pm genpd add device(). Note that third parties dispute the relevance of this issue because the attacker must already have privileges for module loading.
Recommendations To resolve the issue, update to a version of the Linux kernel that is 5.3.8 or later. As a temporary workaround, consider restricting access to the acp hw init() function to minimize the risk of exploitation. Avoid triggering mfd add hotplug devices() or pm genpd add device() failures in the affected kernel versions.

Correção

DoS

Memory Leak

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-401CWE-400

Identificadores relacionados

ALT-PU-2019-3059
ALT-PU-2019-3061
ALT-PU-2019-3066
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-04803
CESA-2020_1567
CESA-2020_1769
CVE-2019-19067
OPENSUSE-SU-2019:2675-1
OPENSUSE-SU-2019_2675-1
RHSA-2020:1567
RHSA-2020:1769
RHSA-2020_1567
RHSA-2020_1769
SUSE-SU-2019:3200-1
SUSE-SU-2019:3289-1
SUSE-SU-2019:3316-1
SUSE-SU-2019:3317-1
SUSE-SU-2019:3371-1
SUSE-SU-2019:3372-1
SUSE-SU-2019:3381-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0613-1
USN-4208-1
USN-4226-1
USN-4526-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu