PT-2019-4206 · Linux+5 · Linux Kernel+5

Published

2019-10-02

·

Updated

2024-08-05

·

CVE-2019-19067

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.3.8
Description The issue is related to four memory leaks in the acp hw init() function in the Linux kernel, which can cause a denial of service due to memory consumption. This can be triggered by failures in mfd add hotplug devices() or pm genpd add device(). Note that third parties dispute the relevance of this issue because the attacker must already have privileges for module loading.
Recommendations To resolve the issue, update to a version of the Linux kernel that is 5.3.8 or later. As a temporary workaround, consider restricting access to the acp hw init() function to minimize the risk of exploitation. Avoid triggering mfd add hotplug devices() or pm genpd add device() failures in the affected kernel versions.

Fix

DoS

Memory Leak

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-400

Related Identifiers

ALT-PU-2019-3059
ALT-PU-2019-3061
ALT-PU-2019-3066
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-04803
CESA-2020_1567
CESA-2020_1769
CVE-2019-19067
OPENSUSE-SU-2019:2675-1
OPENSUSE-SU-2019_2675-1
RHSA-2020:1567
RHSA-2020:1769
RHSA-2020_1567
RHSA-2020_1769
SUSE-SU-2019:3200-1
SUSE-SU-2019:3289-1
SUSE-SU-2019:3316-1
SUSE-SU-2019:3317-1
SUSE-SU-2019:3371-1
SUSE-SU-2019:3372-1
SUSE-SU-2019:3381-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0613-1
USN-4208-1
USN-4226-1
USN-4526-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu