CVE-2019-19046

MEDIUM

Description

** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time.

References

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

https://bugzilla.suse.com/show_bug.cgi?id=1157304

https://github.com/torvalds/linux/commit/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab

https://lists.fedoraproject.org/archives/list/[email protected]/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/

https://lists.fedoraproject.org/archives/list/[email protected]/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/

https://usn.ubuntu.com/4302-1/

https://usn.ubuntu.com/4319-1/

https://usn.ubuntu.com/4325-1/

Details

Source: MITRE

Published: 2019-11-18

Updated: 2020-08-24

Type: CWE-401

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
147318NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0078)NessusNewStart CGSL Local Security Checks
high
145806CentOS 8 : kernel (CESA-2020:4431)NessusCentOS Local Security Checks
high
144554RHEL 7 : kernel (RHSA-2020:5656)NessusRed Hat Local Security Checks
high
143241RHEL 7 : kernel (RHSA-2020:5206)NessusRed Hat Local Security Checks
medium
142430RHEL 8 : kernel (RHSA-2020:4431)NessusRed Hat Local Security Checks
high
142382RHEL 8 : kernel-rt (RHSA-2020:4609)NessusRed Hat Local Security Checks
high
141727Scientific Linux Security Update : kernel on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
high
141619CentOS 7 : kernel (CESA-2020:4060)NessusCentOS Local Security Checks
high
141057RHEL 7 : kernel (RHSA-2020:4060)NessusRed Hat Local Security Checks
high
141026RHEL 7 : kernel-rt (RHSA-2020:4062)NessusRed Hat Local Security Checks
high
139809RHEL 7 : kernel-alt (RHSA-2020:3545)NessusRed Hat Local Security Checks
medium
135286Ubuntu 18.04 LTS : linux-azure, linux-gcp, linux-gke-5.0, linux-oem-osp1, linux-oracle-5.0 (USN-4325-1)NessusUbuntu Local Security Checks
low
135270Ubuntu 18.04 LTS / 19.10 : Linux kernel vulnerabilities (USN-4319-1)NessusUbuntu Local Security Checks
low
134874Photon OS 3.0: Linux PHSA-2020-3.0-0069NessusPhotonOS Local Security Checks
low
134660Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4302-1)NessusUbuntu Local Security Checks
low
134363SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1)NessusSuSE Local Security Checks
critical
132925SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)NessusSuSE Local Security Checks
critical
132605EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1012)NessusHuawei Local Security Checks
critical
132237SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3317-1)NessusSuSE Local Security Checks
critical
132032openSUSE Security Update : the Linux Kernel (openSUSE-2019-2675)NessusSuSE Local Security Checks
critical
131833SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3200-1)NessusSuSE Local Security Checks
high
131334Fedora 31 : kernel (2019-34a75d7e61)NessusFedora Local Security Checks
high
131332Fedora 30 : kernel (2019-021c968423)NessusFedora Local Security Checks
high