CVE-2019-19074 — Missing Release of Memory after Effective Lifetime in Kernel

CWE-401 — Missing Release of Memory after Effective Lifetime CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents7 sources

Severity

7.5HIGHNVD

OSV5.5OSV4.7

EPSS

0.5%

top 35.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux +1 more

Timeline

PublishedNov 18

Latest updateMay 24

Description

A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel4.5 — 4.9.233+4

▶Debianlinux/linux_kernel< 5.4.6-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-190.220+1

▶debiandebian/linux< linux 5.4.6-1 (bookworm)

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-q867-j66r-989p: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi↗2022-05-24

▶

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities↗2020-09-24

▶

OSV

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2020-09-23

▶

OSV

CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi↗2019-11-18

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2020-09-24

▶

Ubuntu

Linux kernel vulnerabilities↗2020-09-23

▶

Red Hat

kernel: a memory leak in the ath9k management function in allows local DoS↗2019-11-21

▶

Debian

CVE-2019-19074: linux - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/...↗2019

▶

💬Community

Bugzilla

CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS↗2019-11-21

▶

Bugzilla

CVE-2019-19074 kernel: a memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c allows DoS [fedora-all]↗2019-11-21

▶