CVE-2019-19067 — Missing Release of Memory after Effective Lifetime in Kernel
Severity
4.4MEDIUMNVD
OSV8.8OSV6.7OSV5.5
EPSS
0.1%
top 75.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 18
Latest updateMay 24
Description
Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6
Affected Packages5 packages
Also affects: Ubuntu Linux 18.04, 19.04, 19.10
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-r8f4-8q33-j98q: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp↗2022-05-24
OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2020-09-23
OSV▶
linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities↗2020-01-07
OSV▶
CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp↗2019-11-18
📋Vendor Advisories
5💬Community
2Bugzilla▶
CVE-2019-19067 kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow for a DoS↗2019-11-21
Bugzilla▶
CVE-2019-19067 kernel: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c allow for a DoS [fedora-all]↗2019-11-21