Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00078.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Broadcom Subscribe
Brocade Fabric Operating System Firmware Subscribe
Canonical Subscribe
Ubuntu Linux Subscribe
Debian Subscribe
Debian Linux Subscribe
Fedoraproject Subscribe
Fedora Subscribe
Linux Subscribe
Linux Kernel Subscribe
Netapp Subscribe
Active Iq Unified Manager Subscribe
Aff Baseboard Management Controller Subscribe
Cloud Backup Subscribe
Data Availability Services Subscribe
E-series Santricity Os Controller Subscribe
Fas\/aff Baseboard Management Controller Subscribe
Hci Baseboard Management Controller Subscribe
Hci Compute Node Subscribe
Hci Compute Node Firmware Subscribe
Solidfire\, Enterprise Sds \& Hci Storage Node Subscribe
Solidfire \& Hci Management Node Subscribe
Solidfire Baseboard Management Controller Subscribe
Solidfire Baseboard Management Controller Firmware Subscribe
Steelstore Cloud Integrated Storage Subscribe
Opensuse Subscribe
Leap Subscribe
Redhat Subscribe
Enterprise Linux Subscribe

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-193.rt13.51.el8 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2020:1567 2020-04-28T00:00:00Z
kernel-0:4.18.0-193.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2020:1769 2020-04-28T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-2068-1 linux security update
Debian DLA Debian DLA DLA-2114-1 linux-4.9 security update
EUVD EUVD EUVD-2019-8696 Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
Ubuntu USN Ubuntu USN USN-4254-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-4254-2 Linux kernel (Xenial HWE) vulnerabilities
Ubuntu USN Ubuntu USN USN-4284-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-4285-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-4287-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-4287-2 Linux kernel (Azure) vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html cve-icon cve-icon
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html cve-icon cve-icon
https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-19057 cve-icon
https://seclists.org/bugtraq/2020/Jan/10 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20191205-0001/ cve-icon cve-icon
https://usn.ubuntu.com/4254-1/ cve-icon cve-icon
https://usn.ubuntu.com/4254-2/ cve-icon cve-icon
https://usn.ubuntu.com/4284-1/ cve-icon cve-icon
https://usn.ubuntu.com/4285-1/ cve-icon cve-icon
https://usn.ubuntu.com/4287-1/ cve-icon cve-icon
https://usn.ubuntu.com/4287-2/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-19057 cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T02:09:39.338Z

Reserved: 2019-11-18T00:00:00

Link: CVE-2019-19057

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-18T06:15:12.140

Modified: 2024-11-21T04:34:05.587

Link: CVE-2019-19057

cve-icon Redhat

Severity : Low

Publid Date: 2019-11-21T00:00:00Z

Links: CVE-2019-19057 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses