CVE-2019-19069 : A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.

Published 2019-11-18 06:15:13

Updated 2021-06-22 14:47:56

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2019-19069

Linux » Linux Kernel
Versions from including (>=) 5.1 and before (<) 5.3.9
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.4 Update RC1
cpe:2.3:o:linux:linux_kernel:5.4:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.4 Update RC2
cpe:2.3:o:linux:linux_kernel:5.4:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.4 Update RC3
cpe:2.3:o:linux:linux_kernel:5.4:rc3:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 19.10
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Matching versions
Broadcom » Fabric Operating System » Version: N/A
cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*
Matching versions
Netapp » Steelstore Cloud Integrated Storage » Version: N/A
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 11.0.0 and up to, including, (<=) 11.60.3
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Management Node » Version: N/A
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire » Version: N/A
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Storage Node » Version: N/A
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Compute Node » Version: N/A
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Data Availability Services » Version: N/A
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
Matching versions
Netapp » Aff A700s Firmware » Version: N/A
cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff A700s » Version: N/A
Netapp » Fas8300 Firmware » Version: N/A
cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas8300 » Version: N/A
Netapp » Fas8700 Firmware » Version: N/A
cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas8700 » Version: N/A
Netapp » Aff A400 Firmware » Version: N/A
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Aff A400 » Version: N/A
Netapp » H610s Firmware » Version: N/A
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H610s » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-19069

EPSS FAQ

0.93%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 74 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-19069

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2019-19069

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-19069

https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9

misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach · torvalds/linux@fc739a0 · GitHub
Patch;Third Party Advisory
https://security.netapp.com/advisory/ntap-20191205-0001/

November 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4208-1/

USN-4208-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9

Release Notes;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-19069

Products affected by CVE-2019-19069

Exploit prediction scoring system (EPSS) score for CVE-2019-19069

CVSS scores for CVE-2019-19069

CWE ids for CVE-2019-19069

References for CVE-2019-19069