Bug 1157067 - (CVE-2019-19071) VUL-1: CVE-2019-19071: kernel-source: A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c allows attackers to cause a denial of service (memory consumption)
(CVE-2019-19071)
VUL-1: CVE-2019-19071: kernel-source: A memory leak in the rsi_send_beacon() ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/247509/
CVSSv3.1:SUSE:CVE-2019-19071:5.9:(AV...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-11-18 18:28 UTC by Wolfgang Frisch
Modified: 2022-07-21 17:42 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-11-18 18:28:59 UTC
CVE-2019-19071

A memory leak in the rsi_send_beacon() function in
drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11
allows attackers to cause a denial of service (memory consumption) by triggering
rsi_prepare_beacon() failures, aka CID-d563131ef23c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19071
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19071.html
https://github.com/torvalds/linux/commit/d563131ef23cbc756026f839a82598c8445bc45f
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19071
Comment 2 Takashi Iwai 2019-11-18 18:58:58 UTC
It's in the wireless subsystem tree now.  Will wait until the merge to Linus branch, as this is no serious bug at all.
Comment 4 Takashi Iwai 2019-11-26 10:10:18 UTC
The relevant code is found only in SLE15-SP2, so backported to that branch.

Reassigned back to security team.
Comment 5 Alexandros Toptsoglou 2020-08-04 14:49:17 UTC
Done