PT-2019-4232 · Linux+5 · Linux Kernel+5
Will Dormann · Published 2019-09-10 · Updated 2021-06-14 · CVE-2019-19073
CVSS v3.1: 4.0 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.3.11
Description
The issue is a set of memory leaks in the Linux kernel, specifically in the drivers/net/wireless/ath/ath9k/htc_hst.c file. Attackers can exploit them to cause a denial of service through memory consumption by triggering wait_for_completion_timeout() failures. The functions affected include htc_config_pipe_credits(), htc_setup_complete(), and htc_connect_service().
Recommendations
For Linux kernel versions prior to 5.3.11, update to version 5.3.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected driver file to minimize the risk of exploitation.
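A triage check for the recommendation above, as an added example that is not part of the original advisory: it compares a kernel release string with the fixed version 5.3.11 and looks for the ath9k_htc module, the upstream module that contains htc_hst.c (the module name and the verdict strings are not from the advisory). Vendor kernels often backport fixes without changing the upstream version number, so a below-5.3.11 result on a distribution kernel still has to be checked against the vendor's own advisory.

```shell
#!/bin/sh
# Added example: per-host triage for CVE-2019-19073.
# FIXED comes from the advisory; ath9k_htc is the upstream module that
# contains drivers/net/wireless/ath/ath9k/htc_hst.c.
FIXED="5.3.11"

# Succeeds if release $1 is numerically lower than $2 (x.y.z compare).
# Suffixes such as "-42-generic" are dropped before comparing.
version_lt() {
    a="${1%%[!0-9.]*}.0.0"; b="${2%%[!0-9.]*}.0.0"
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Succeeds if module $2 is listed in the /proc/modules-format file $1.
# A driver compiled into the kernel image is not listed there.
module_loaded() {
    [ -r "$1" ] && awk -v m="$2" '$1 == m { f = 1 } END { exit !f }' "$1"
}

# Prints one verdict for a kernel release string and a module listing.
assess() {
    if ! version_lt "$1" "$FIXED"; then
        echo "at-or-above-fixed-release"
    elif module_loaded "$2" ath9k_htc; then
        echo "below-fixed-release-driver-loaded"
    else
        echo "below-fixed-release-driver-not-loaded"
    fi
}

# Verdict for the running host.
assess "$(uname -r)" /proc/modules
```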
Fix
DoS
Memory Leak
Resource Exhaustion
Related Identifiers
Affected Products
Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu