CVE-2019-19055 - A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Lin

CVE-2019-19055

Summary

A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred

References

Vulnerable Configurations

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.16.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.16.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.6:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.6:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.6:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.6:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.6:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.6:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.6:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.6:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.6:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.6:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.10:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:3.18:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.4.0-96.119:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.4.0-96.119:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.326:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.326:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.327:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.327:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.328:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.328:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.329:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14.329:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.285:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.285:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.286:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.286:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.287:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.287:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.288:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.288:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.289:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.289:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.290:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.290:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.291:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.291:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.292:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.292:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.293:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.293:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.294:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.294:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.295:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.295:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.296:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.296:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.297:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.297:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.298:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.298:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.299:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.299:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.300:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.300:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.301:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.301:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.302:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.302:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.303:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.303:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.304:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.304:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.305:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.305:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.306:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.19.306:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 11-04-2024 - 01:04)
Impact:
Exploitability:

CWE

CWE-401

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

redhat via4

rpms

kernel-rt-0:4.18.0-193.rt13.51.el8
kernel-rt-core-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-core-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-debuginfo-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-devel-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-kvm-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-modules-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-modules-extra-0:4.18.0-193.rt13.51.el8
kernel-rt-debuginfo-0:4.18.0-193.rt13.51.el8
kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.rt13.51.el8
kernel-rt-devel-0:4.18.0-193.rt13.51.el8
kernel-rt-kvm-0:4.18.0-193.rt13.51.el8
kernel-rt-modules-0:4.18.0-193.rt13.51.el8
kernel-rt-modules-extra-0:4.18.0-193.rt13.51.el8
bpftool-0:4.18.0-193.el8
bpftool-debuginfo-0:4.18.0-193.el8
kernel-0:4.18.0-193.el8
kernel-abi-whitelists-0:4.18.0-193.el8
kernel-core-0:4.18.0-193.el8
kernel-cross-headers-0:4.18.0-193.el8
kernel-debug-0:4.18.0-193.el8
kernel-debug-core-0:4.18.0-193.el8
kernel-debug-debuginfo-0:4.18.0-193.el8
kernel-debug-devel-0:4.18.0-193.el8
kernel-debug-modules-0:4.18.0-193.el8
kernel-debug-modules-extra-0:4.18.0-193.el8
kernel-debuginfo-0:4.18.0-193.el8
kernel-debuginfo-common-aarch64-0:4.18.0-193.el8
kernel-debuginfo-common-ppc64le-0:4.18.0-193.el8
kernel-debuginfo-common-s390x-0:4.18.0-193.el8
kernel-debuginfo-common-x86_64-0:4.18.0-193.el8
kernel-devel-0:4.18.0-193.el8
kernel-doc-0:4.18.0-193.el8
kernel-headers-0:4.18.0-193.el8
kernel-modules-0:4.18.0-193.el8
kernel-modules-extra-0:4.18.0-193.el8
kernel-tools-0:4.18.0-193.el8
kernel-tools-debuginfo-0:4.18.0-193.el8
kernel-tools-libs-0:4.18.0-193.el8
kernel-tools-libs-devel-0:4.18.0-193.el8
kernel-zfcpdump-0:4.18.0-193.el8
kernel-zfcpdump-core-0:4.18.0-193.el8
kernel-zfcpdump-debuginfo-0:4.18.0-193.el8
kernel-zfcpdump-devel-0:4.18.0-193.el8
kernel-zfcpdump-modules-0:4.18.0-193.el8
kernel-zfcpdump-modules-extra-0:4.18.0-193.el8
perf-0:4.18.0-193.el8
perf-debuginfo-0:4.18.0-193.el8
python3-perf-0:4.18.0-193.el8
python3-perf-debuginfo-0:4.18.0-193.el8
bpftool-0:3.10.0-1160.el7
bpftool-debuginfo-0:3.10.0-1160.el7
kernel-0:3.10.0-1160.el7
kernel-abi-whitelists-0:3.10.0-1160.el7
kernel-bootwrapper-0:3.10.0-1160.el7
kernel-debug-0:3.10.0-1160.el7
kernel-debug-debuginfo-0:3.10.0-1160.el7
kernel-debug-devel-0:3.10.0-1160.el7
kernel-debuginfo-0:3.10.0-1160.el7
kernel-debuginfo-common-ppc64-0:3.10.0-1160.el7
kernel-debuginfo-common-ppc64le-0:3.10.0-1160.el7
kernel-debuginfo-common-s390x-0:3.10.0-1160.el7
kernel-debuginfo-common-x86_64-0:3.10.0-1160.el7
kernel-devel-0:3.10.0-1160.el7
kernel-doc-0:3.10.0-1160.el7
kernel-headers-0:3.10.0-1160.el7
kernel-kdump-0:3.10.0-1160.el7
kernel-kdump-debuginfo-0:3.10.0-1160.el7
kernel-kdump-devel-0:3.10.0-1160.el7
kernel-tools-0:3.10.0-1160.el7
kernel-tools-debuginfo-0:3.10.0-1160.el7
kernel-tools-libs-0:3.10.0-1160.el7
kernel-tools-libs-devel-0:3.10.0-1160.el7
perf-0:3.10.0-1160.el7
perf-debuginfo-0:3.10.0-1160.el7
python-perf-0:3.10.0-1160.el7
python-perf-debuginfo-0:3.10.0-1160.el7
kernel-rt-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debug-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debug-debuginfo-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debug-devel-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debug-kvm-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debug-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debuginfo-0:3.10.0-1160.rt56.1131.el7
kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.rt56.1131.el7
kernel-rt-devel-0:3.10.0-1160.rt56.1131.el7
kernel-rt-doc-0:3.10.0-1160.rt56.1131.el7
kernel-rt-kvm-0:3.10.0-1160.rt56.1131.el7
kernel-rt-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7
kernel-rt-trace-0:3.10.0-1160.rt56.1131.el7
kernel-rt-trace-debuginfo-0:3.10.0-1160.rt56.1131.el7
kernel-rt-trace-devel-0:3.10.0-1160.rt56.1131.el7
kernel-rt-trace-kvm-0:3.10.0-1160.rt56.1131.el7
kernel-rt-trace-kvm-debuginfo-0:3.10.0-1160.rt56.1131.el7

refmap via4

fedora	FEDORA-2019-021c968423 FEDORA-2019-34a75d7e61
misc	https://bugzilla.suse.com/show_bug.cgi?id=1157319 https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57
ubuntu	USN-4225-1 USN-4225-2 USN-4226-1

Last major update

11-04-2024 - 01:04

Published

18-11-2019 - 06:15

Last modified

11-04-2024 - 01:04