CVE-2019-19076Missing Release of Memory after Effective Lifetime in Kernel

CWE-401Missing Release of Memory after Effective LifetimeCWE-400Uncontrolled Resource Consumption11 documents9 sources
Severity
5.9MEDIUMNVD
OSV6.7
EPSS
2.3%
top 15.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxCanonical Ubuntu Linux+3 more
Timeline
PublishedNov 18
Latest updateMay 24

Description

A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel< 5.3.6
Debianlinux/linux_kernel< 5.3.7-1+3
debiandebian/linux< linux 5.3.7-1 (bookworm)

Also affects: Ubuntu Linux 18.04, 19.04, Enterprise Linux 8.0

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

4
GHSA
GHSA-wf7v-v54q-4q9x: A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls2022-05-24
Kernel
Revert "nfp: abm: fix memory leak in nfp_abm_u32_knode_replace"2019-12-10
OSV
linux, linux-aws, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities2019-12-02
OSV
CVE-2019-19076: A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls2019-11-18

📋Vendor Advisories

4
Ubuntu
Linux kernel vulnerabilities2019-12-02
Microsoft
A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consump2019-11-12
Red Hat
kernel: memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c leads to DoS2019-09-26
Debian
CVE-2019-19076: linux - A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/etherne...2019

💬Community

2
Bugzilla
CVE-2019-19076 kernel: memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c leads to DoS2019-11-26
Bugzilla
CVE-2019-19076 kernel: memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c leads to DoS [fedora-all]2019-11-26
CVE-2019-19076 — Linux Kernel vulnerability | cvebase