CVE-2019-19044Missing Release of Memory after Effective Lifetime in Kernel

CWE-401Missing Release of Memory after Effective LifetimeCWE-400Uncontrolled Resource Consumption9 documents8 sources
Severity
7.5HIGHNVD
EPSS
2.1%
top 15.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelCanonical Ubuntu LinuxNetapp E-series Santricity OS Controller+1 more
Timeline
PublishedNov 18
Latest updateMay 24

Description

Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel5.35.3.11
Debianlinux/linux_kernel< 5.3.15-1+3

Also affects: Ubuntu Linux 18.04, 19.10

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-p29h-v652-9mxm: Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem2022-05-24
OSV
CVE-2019-19044: Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem2019-11-18
CVEList
CVE-2019-19044: Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem2019-11-18

📋Vendor Advisories

3
Ubuntu
Linux kernel vulnerabilities2020-01-07
Red Hat
kernel: dos in v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c2019-11-18
Debian
CVE-2019-19044: linux - Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3...2019

💬Community

2
Bugzilla
CVE-2019-19044 kernel: dos in v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c2019-11-21
Bugzilla
CVE-2019-19044 kernel: dos in v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c [fedora-all]2019-11-21
CVE-2019-19044 — Linux Kernel vulnerability | cvebase