Vulnerability Details : CVE-2019-8980

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

Vulnerability category: Denial of service

Published 2019-02-21 05:29:01

Updated 2021-06-02 15:32:47

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2019-8980

Probability of exploitation activity in the next 30 days: 0.99%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-8980

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2019-8980

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Assigned by: [email protected] (Primary)

References for CVE-2019-8980

https://www.mail-archive.com/[email protected]/msg1935698.html

Exploit;Mailing List;Third Party Advisory
https://support.f5.com/csp/article/K56480726

Third Party Advisory
https://usn.ubuntu.com/3930-1/

Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3931-1/

Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3931-2/

Third Party Advisory

CVEs referencing this url
https://www.mail-archive.com/[email protected]/msg1935705.html

Exploit;Mailing List;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3930-2/

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/107120

Third Party Advisory;VDB Entry

Products affected by CVE-2019-8980

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.20 and before (<) 4.20.15
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.7 and before (<) 4.9.163
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.19 and before (<) 4.19.28
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.14 and before (<) 4.14.106
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.0 and before (<) 5.0.1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.1 Update RC1
cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Opensuse » Leap » Version: 15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
Matching versions