CVE-2019-16995

high
Description

In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.

References

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.3

https://github.com/torvalds/linux/commit/6caabe7f197d3466d238f70915d65301f1716626

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6caabe7f197d3466d238f70915d65301f1716626

https://security.netapp.com/advisory/ntap-20191031-0005/

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html

Details

Source: MITRE

Published: 2019-09-30

Updated: 2021-07-21

Type: CWE-772

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 8

AND

OR

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 9

AND

OR

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 10

AND

OR

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 11

AND

OR

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 12

AND

OR

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 13

OR

cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 132925 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1) | Nessus | SuSE Local Security Checks | critical |
| 132071 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3295-1) | Nessus | SuSE Local Security Checks | high |
| 132067 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4878) | Nessus | Oracle Linux Local Security Checks | low |
| 131833 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3200-1) | Nessus | SuSE Local Security Checks | high |
| 131208 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0056) | Nessus | OracleVM Local Security Checks | high |
| 131174 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4850) | Nessus | Oracle Linux Local Security Checks | high |
| 131120 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1) | Nessus | SuSE Local Security Checks | critical |
| 131057 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-2503) | Nessus | SuSE Local Security Checks | high |
| 130951 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2953-1) | Nessus | SuSE Local Security Checks | high |
| 130949 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1) | Nessus | SuSE Local Security Checks | critical |
| 130947 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2947-1) | Nessus | SuSE Local Security Checks | high |
| 130946 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2946-1) | Nessus | SuSE Local Security Checks | high |
| 130582 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-2444) | Nessus | SuSE Local Security Checks | high |