CVE-2019-19057

LOW EPSS 51.6%
Published Nov 18, 20196y ago · Modified Jun 17, 20262w ago
3.3 CVSS 3.1
Low
Find Similar
Published Nov 18, 2019 6y ago
Last Modified Jun 17, 2026 2w ago

Description

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.

CVSS Details

Base Score
3.3
Exploitability
1.8
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability Low

Threat Intelligence

EPSS Exploit Probability
51.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 41

VendorProductVersionRange
linuxlinux_kernel* ≤5.3.11
canonicalubuntu_linux14.04any
canonicalubuntu_linux16.04any
canonicalubuntu_linux18.04any
canonicalubuntu_linux19.10any
debiandebian_linux8.0any
fedoraprojectfedora30any
fedoraprojectfedora31any
opensuseleap15.1any
netappactive_iq_unified_manager*any
netappaff_baseboard_management_controller*any
netappcloud_backup*any
netappdata_availability_services*any
netappe-series_santricity_os_controller11.0any
netappe-series_santricity_os_controller11.0.0any
netappe-series_santricity_os_controller11.20any
netappe-series_santricity_os_controller11.25any
netappe-series_santricity_os_controller11.30any
netappe-series_santricity_os_controller11.30.5r3any
netappe-series_santricity_os_controller11.40any
netappe-series_santricity_os_controller11.40.3r2any
netappe-series_santricity_os_controller11.40.5any
netappe-series_santricity_os_controller11.50.1any
netappe-series_santricity_os_controller11.50.2any
netappe-series_santricity_os_controller11.50.2any
netappe-series_santricity_os_controller11.60any
netappe-series_santricity_os_controller11.60.0any
netappe-series_santricity_os_controller11.60.1any
netappe-series_santricity_os_controller11.60.3any
netappe-series_santricity_os_controller11.70.1any
netappe-series_santricity_os_controller11.70.2any
netappfas\/aff_baseboard_management_controller*any
netapphci_baseboard_management_controllerh610sany
netappsolidfire\,_enterprise_sds_\&_hci_storage_node*any
netappsolidfire_\&_hci_management_node*any
netappsteelstore_cloud_integrated_storage*any
broadcombrocade_fabric_operating_system_firmware*any
netapphci_compute_node_firmware*any
netapphci_compute_node*any
netappsolidfire_baseboard_management_controller_firmware*any
netappsolidfire_baseboard_management_controller*any

References 15

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
    Third Party Advisory
  • packetstormsecurity.com http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
    Third Party AdvisoryVDB Entry
  • github.com https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c
    PatchThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
    Mailing ListThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
    Mailing ListThird Party Advisory
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
  • seclists.org https://seclists.org/bugtraq/2020/Jan/10
    Mailing ListThird Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20191205-0001/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4254-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4254-2/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4284-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4285-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4287-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4287-2/
    Third Party Advisory

Remediation

  • github.com https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c
    PatchThird Party Advisory