CVE-2019-17075

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.3.2

Description An issue was discovered in the write tpt entry function in drivers/infiniband/hw/cxgb4/mem.c. The cxgb4 driver is directly calling dma map single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. The issue is also described as a buffer overflow in memory, which could allow a remote attacker to cause a denial of service.

Recommendations For Linux kernel versions through 5.3.2, consider disabling the cxgb4 driver or restricting its use until a patch is available. As a temporary workaround, avoid using the dma map single function from stack variables in the write tpt entry function. However, since the exact steps to apply these workarounds are not specified and may require technical expertise, it is recommended to wait for an official patch. At the moment, there is no information about a newer version that contains a fix for this vulnerability.