Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Broadcom
  • Brocade Fabric Operating System Firmware
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Linux
  • Linux Kernel
Netapp
  • Active Iq Unified Manager
  • Aff Baseboard Management Controller
  • Cloud Backup
  • Data Availability Services
  • E-series Santricity Os Controller
  • Fas\/aff Baseboard Management Controller
  • Hci Baseboard Management Controller
  • Hci Compute Node
  • Hci Compute Node Firmware
  • Solidfire\, Enterprise Sds \& Hci Storage Node
  • Solidfire \& Hci Management Node
  • Solidfire Baseboard Management Controller
  • Solidfire Baseboard Management Controller Firmware
  • Steelstore Cloud Integrated Storage
Opensuse
  • Leap
Redhat
  • Enterprise Linux

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-193.rt13.51.el8 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2020:1567 2020-04-28T00:00:00Z
kernel-0:4.18.0-193.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2020:1769 2020-04-28T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html cve-icon cve-icon
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html cve-icon cve-icon
https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-19057 cve-icon
https://seclists.org/bugtraq/2020/Jan/10 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20191205-0001/ cve-icon cve-icon
https://usn.ubuntu.com/4254-1/ cve-icon cve-icon
https://usn.ubuntu.com/4254-2/ cve-icon cve-icon
https://usn.ubuntu.com/4284-1/ cve-icon cve-icon
https://usn.ubuntu.com/4285-1/ cve-icon cve-icon
https://usn.ubuntu.com/4287-1/ cve-icon cve-icon
https://usn.ubuntu.com/4287-2/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-19057 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-18T05:23:57

Updated: 2024-08-05T02:09:39.338Z

Reserved: 2019-11-18T00:00:00

Link: CVE-2019-19057

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-18T06:15:12.140

Modified: 2023-11-07T03:07:24.680

Link: CVE-2019-19057

cve-icon Redhat

Severity : Low

Publid Date: 2019-11-21T00:00:00Z

Links: CVE-2019-19057 - Bugzilla