Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00078.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Broadcom
  • Brocade Fabric Operating System Firmware
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Linux
  • Linux Kernel
Netapp
  • Active Iq Unified Manager
  • Aff Baseboard Management Controller
  • Cloud Backup
  • Data Availability Services
  • E-series Santricity Os Controller
  • Fas\/aff Baseboard Management Controller
  • Hci Baseboard Management Controller
  • Hci Compute Node
  • Hci Compute Node Firmware
  • Solidfire\, Enterprise Sds \& Hci Storage Node
  • Solidfire \& Hci Management Node
  • Solidfire Baseboard Management Controller
  • Solidfire Baseboard Management Controller Firmware
  • Steelstore Cloud Integrated Storage
Opensuse
  • Leap
Redhat
  • Enterprise Linux

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-193.rt13.51.el8 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2020:1567 2020-04-28T00:00:00Z
kernel-0:4.18.0-193.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2020:1769 2020-04-28T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-2068-1 linux security update
Debian DLA Debian DLA DLA-2114-1 linux-4.9 security update
EUVD EUVD EUVD-2019-8696 Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
Ubuntu USN Ubuntu USN USN-4254-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-4254-2 Linux kernel (Xenial HWE) vulnerabilities
Ubuntu USN Ubuntu USN USN-4284-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-4285-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-4287-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-4287-2 Linux kernel (Azure) vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html cve-icon cve-icon
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html cve-icon cve-icon
https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-19057 cve-icon
https://seclists.org/bugtraq/2020/Jan/10 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20191205-0001/ cve-icon cve-icon
https://usn.ubuntu.com/4254-1/ cve-icon cve-icon
https://usn.ubuntu.com/4254-2/ cve-icon cve-icon
https://usn.ubuntu.com/4284-1/ cve-icon cve-icon
https://usn.ubuntu.com/4285-1/ cve-icon cve-icon
https://usn.ubuntu.com/4287-1/ cve-icon cve-icon
https://usn.ubuntu.com/4287-2/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-19057 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T02:09:39.338Z

Reserved: 2019-11-18T00:00:00

Link: CVE-2019-19057

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-18T06:15:12.140

Modified: 2024-11-21T04:34:05.587

Link: CVE-2019-19057

cve-icon Redhat

Severity : Low

Publid Date: 2019-11-21T00:00:00Z

Links: CVE-2019-19057 - Bugzilla

cve-icon OpenCVE Enrichment

No data.