PT-2019-4212 · Linux+3 · Linux Kernel+3

Publicado

2019-09-30

·

Atualizado

2021-06-14

·

CVE-2019-19066

CVSS v3.1

4.7

Média

VetorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.3.11
Description A memory leak in the bfad im get stats() function allows attackers to cause a denial of service by triggering bfa port get stats() failures. This issue is related to an uncontrolled resource consumption in the Linux kernel.
Recommendations For Linux kernel versions prior to 5.3.11, update to a version 5.3.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the bfad im get stats() function to minimize the risk of exploitation.

Correção

DoS

Memory Leak

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-401CWE-400

Identificadores relacionados

ALT-PU-2019-3180
ALT-PU-2019-3184
ALT-PU-2019-3268
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-04809
CVE-2019-19066
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2020:0336-1
OPENSUSE-SU-2020_0336-1
SUSE-SU-2019:3381-1
SUSE-SU-2019:3389-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0511-1
SUSE-SU-2020:0559-1
SUSE-SU-2020:0560-1
SUSE-SU-2020:0584-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
SUSE-SU-2020:14354-1
USN-4286-1
USN-4286-2
USN-4300-1
USN-4301-1
USN-4302-1

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu