PT-2019-4209 · Linux+5 · Linux Kernel+5

Published

2019-10-09

·

Updated

2021-05-28

·

CVE-2019-19058

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.3.11
Description A memory leak in the alloc sgtable() function in the Linux kernel allows attackers to cause a denial of service (memory consumption) by triggering alloc page() failures. This issue is related to the drivers/net/wireless/intel/iwlwifi/fw/dbg.c file. The vulnerability can be exploited by remote attackers to cause a denial of service.
Recommendations For Linux kernel versions prior to 5.3.11, update to a version that includes the fix for this issue to prevent memory leaks and potential denial of service attacks. As a temporary workaround, consider restricting access to the alloc sgtable() function to minimize the risk of exploitation.

Fix

DoS

Memory Leak

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-400

Related Identifiers

ALT-PU-2019-3180
ALT-PU-2019-3184
ALT-PU-2019-3268
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-04806
CESA-2020_1567
CESA-2020_1769
CESA-2020_4060
CVE-2019-19058
OPENSUSE-SU-2019:2675-1
OPENSUSE-SU-2019_2675-1
RHSA-2020:1567
RHSA-2020:1769
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020_1567
RHSA-2020_1769
RHSA-2020_4060
RHSA-2020_4062
SUSE-SU-2019:3200-1
SUSE-SU-2019:3289-1
SUSE-SU-2019:3316-1
SUSE-SU-2019:3317-1
SUSE-SU-2019:3371-1
SUSE-SU-2019:3372-1
SUSE-SU-2019:3381-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0613-1
USN-4300-1
USN-4301-1
USN-4302-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu