CVE-2019-19065 - A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel b

CVE-2019-19065

Summary

A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because "rhashtable_init() can only fail if it is passed invalid values in the second parameter's struct, but when invoked from sdma_init() that is a pointer to a static const struct, so an attacker could only trigger failure if they could corrupt kernel memory (in which case a small memory leak is not a significant problem).

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

CVSS

Base:	4.7 (as of 11-04-2024 - 01:04)
Impact:
Exploitability:

CWE

CWE-401

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:N/I:N/A:C

redhat via4

rpms

kernel-rt-0:4.18.0-193.rt13.51.el8
kernel-rt-core-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-core-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-debuginfo-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-devel-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-kvm-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-modules-0:4.18.0-193.rt13.51.el8
kernel-rt-debug-modules-extra-0:4.18.0-193.rt13.51.el8
kernel-rt-debuginfo-0:4.18.0-193.rt13.51.el8
kernel-rt-debuginfo-common-x86_64-0:4.18.0-193.rt13.51.el8
kernel-rt-devel-0:4.18.0-193.rt13.51.el8
kernel-rt-kvm-0:4.18.0-193.rt13.51.el8
kernel-rt-modules-0:4.18.0-193.rt13.51.el8
kernel-rt-modules-extra-0:4.18.0-193.rt13.51.el8
bpftool-0:4.18.0-193.el8
bpftool-debuginfo-0:4.18.0-193.el8
kernel-0:4.18.0-193.el8
kernel-abi-whitelists-0:4.18.0-193.el8
kernel-core-0:4.18.0-193.el8
kernel-cross-headers-0:4.18.0-193.el8
kernel-debug-0:4.18.0-193.el8
kernel-debug-core-0:4.18.0-193.el8
kernel-debug-debuginfo-0:4.18.0-193.el8
kernel-debug-devel-0:4.18.0-193.el8
kernel-debug-modules-0:4.18.0-193.el8
kernel-debug-modules-extra-0:4.18.0-193.el8
kernel-debuginfo-0:4.18.0-193.el8
kernel-debuginfo-common-aarch64-0:4.18.0-193.el8
kernel-debuginfo-common-ppc64le-0:4.18.0-193.el8
kernel-debuginfo-common-s390x-0:4.18.0-193.el8
kernel-debuginfo-common-x86_64-0:4.18.0-193.el8
kernel-devel-0:4.18.0-193.el8
kernel-doc-0:4.18.0-193.el8
kernel-headers-0:4.18.0-193.el8
kernel-modules-0:4.18.0-193.el8
kernel-modules-extra-0:4.18.0-193.el8
kernel-tools-0:4.18.0-193.el8
kernel-tools-debuginfo-0:4.18.0-193.el8
kernel-tools-libs-0:4.18.0-193.el8
kernel-tools-libs-devel-0:4.18.0-193.el8
kernel-zfcpdump-0:4.18.0-193.el8
kernel-zfcpdump-core-0:4.18.0-193.el8
kernel-zfcpdump-debuginfo-0:4.18.0-193.el8
kernel-zfcpdump-devel-0:4.18.0-193.el8
kernel-zfcpdump-modules-0:4.18.0-193.el8
kernel-zfcpdump-modules-extra-0:4.18.0-193.el8
perf-0:4.18.0-193.el8
perf-debuginfo-0:4.18.0-193.el8
python3-perf-0:4.18.0-193.el8
python3-perf-debuginfo-0:4.18.0-193.el8

refmap via4

confirm	https://security.netapp.com/advisory/ntap-20191205-0001/
misc	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://github.com/torvalds/linux/commit/34b3be18a04ecdc610aae4c48e5d1b799d8689f6
suse	openSUSE-SU-2019:2675
ubuntu	USN-4208-1 USN-4210-1 USN-4226-1

Last major update

11-04-2024 - 01:04

Published

18-11-2019 - 06:15

Last modified

11-04-2024 - 01:04