OpenCVE

A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Brocade Fabric Operating System Firmware
Canonical	Ubuntu Linux
Linux	Linux Kernel
Netapp	Active Iq Unified Manager Aff Baseboard Management Controller Cloud Backup Data Availability Services E-series Santricity Os Controller Fas\/aff Baseboard Management Controller Hci Baseboard Management Controller Hci Compute Node Hci Compute Node Firmware Solidfire\, Enterprise Sds \& Hci Storage Node Solidfire \& Hci Management Node Solidfire Baseboard Management Controller Solidfire Baseboard Management Controller Firmware Steelstore Cloud Integrated Storage

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:aff_baseboard_management_controller:-:::::::*
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-::::::
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1::::::
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:::::::*
	cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:::::::*
	cpe:2.3:a:netapp:fas\/aff_baseboard_management_controller:-:::::::*
	cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:::::::*
	cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
	cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873
https://nvd.nist.gov/vuln/detail/CVE-2019-19061
https://security.netapp.com/advisory/ntap-20191205-0001/
https://usn.ubuntu.com/4208-1/
https://usn.ubuntu.com/4526-1/
https://www.cve.org/CVERecord?id=CVE-2019-19061

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-18T05:24:03

Updated: 2024-08-05T02:09:38.231Z

Reserved: 2019-11-18T00:00:00

Link: CVE-2019-19061

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-18T06:15:12.403

Modified: 2023-01-19T20:08:29.547

Link: CVE-2019-19061

Redhat

Severity : Important

Publid Date: 2019-11-21T00:00:00Z

Links: CVE-2019-19061 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object