CVE-2019-19067
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/11/2019
Last modified:
05/08/2024
Description
Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading
Impact
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.3.8 (excluding) | |
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* | ||
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* | ||
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* | ||
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- https://bugzilla.suse.com/show_bug.cgi?id=1157180
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8
- https://github.com/torvalds/linux/commit/57be09c6e8747bf48704136d9e3f92bfb93f5725
- https://usn.ubuntu.com/4208-1/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4526-1/