Bug 1157064 - (CVE-2019-19069) VUL-1: CVE-2019-19069: kernel-source: A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c allows attackers to cause a denial of service (memory consumption)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P5 - None : Normal
Assigned To: Security Team bot
QA Contact: Security Team bot
https://smash.suse.de/issue/247507/
CVSSv3.1:SUSE:CVE-2019-19069:4.4:(AV...
Reported: 2019-11-18 18:21 UTC by Wolfgang Frisch
Modified: 2022-07-21 17:42 UTC
Found By: Security Response Team
Description Wolfgang Frisch 2019-11-18 18:21:11 UTC
CVE-2019-19069

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c
in the Linux kernel before 5.3.9 allows attackers to cause a denial of service
(memory consumption) by triggering dma_get_sgtable() failures, aka
CID-fc739a058d99.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19069
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19069.html
https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19069
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
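
Added example (not part of the bug report, and not the kernel's code or the upstream patch): a userspace model of the bug class in the description above, an object allocated in an attach routine and never released when a later mapping step fails. The pool, `model_attach()` and `model_get_sgtable()` are hypothetical stand-ins; the fixed-size pool makes the resulting exhaustion observable.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define POOL_SLOTS 64   /* constructed model: fixed pool standing in for kernel memory */
static struct attachment { int in_use, sgt_ready; } pool[POOL_SLOTS];

static struct attachment *pool_alloc(void)
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool[i].in_use) {
            pool[i] = (struct attachment){ .in_use = 1 };
            return &pool[i];
        }
    return NULL;        /* pool exhausted */
}

/* Hypothetical stand-in for dma_get_sgtable(): fails when asked to. */
static int model_get_sgtable(struct attachment *a, int fail)
{
    if (fail) return -EINVAL;
    a->sgt_ready = 1;
    return 0;
}

/* free_on_error = 0 models the leak; 1 releases the slot on failure. */
static int model_attach(struct attachment **out, int fail, int free_on_error)
{
    struct attachment *a = pool_alloc();
    if (!a) return -ENOMEM;
    int ret = model_get_sgtable(a, fail);
    if (ret < 0) {
        if (free_on_error) a->in_use = 0;   /* else the slot is never returned */
        return ret;
    }
    *out = a;
    return 0;
}

/* Reset the pool, run `calls` failing attaches, count slots still held. */
static int slots_leaked(int calls, int free_on_error)
{
    struct attachment *a = NULL;
    int used = 0;
    memset(pool, 0, sizeof(pool));
    for (int i = 0; i < calls; i++) model_attach(&a, 1, free_on_error);
    for (int i = 0; i < POOL_SLOTS; i++) used += pool[i].in_use;
    return used;
}

int main(void) { printf("leaky=%d fixed=%d\n", slots_leaked(64, 0), slots_leaked(64, 1)); return 0; }
```

Once the leaky variant has consumed every slot, even a well-formed attach fails with `-ENOMEM`, which is the denial-of-service effect the description refers to.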
Comment 1 Wolfgang Frisch 2019-11-18 18:23:12 UTC
The only kernels that contain drivers/misc/fastrpc.c are
openSUSE-15.2 and SLE15-SP2, and both already have the fix applied.

Closing.
Comment 2 Takashi Iwai 2019-11-18 18:57:50 UTC
I updated the patch reference tag in SLE15-SP2 accordingly.