CVE-2019-19066

 

Published at: - 18-11-2019 07:15

Last modified: - 26-10-2022 01:44

Total changes: - 4

Description

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0
• FEDORA-2019-34a75d7e61-Mailing List, Third Party Advisory
• FEDORA-2019-021c968423-Mailing List, Third Party Advisory
• https://security.netapp.com/advisory/ntap-20191205-0001/
• [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update-Mailing List, Third Party Advisory
• USN-4286-2-Third Party Advisory
• [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update-Mailing List, Third Party Advisory
• USN-4286-1-Third Party Advisory
• openSUSE-SU-2020:0336-Mailing List, Third Party Advisory
• USN-4300-1-Third Party Advisory
• USN-4301-1-Third Party Advisory
• USN-4302-1-Third Party Advisory
• https://www.oracle.com/security-alerts/cpuApr2021.html

 

Keywords

NVD

 

CVE-2019-19066

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures