Bugzilla – Bug 1156277
VUL-1: CVE-2019-18812: kernel-source: memory leak in sof_dfsentry_write() from sound/soc/sof/debug.c
Last modified: 2022-12-23 11:40:30 UTC
CVE-2019-18812

A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18812
https://github.com/torvalds/linux/commit/c0a333d842ef67ac04adc72ff79dc1ccc3dca4ed
The GitHub URL is confusing... The commit hasn't been merged to Linus' tree yet, but it appears as if it has been merged. Actually the fix is in the pull request to Linus I sent a couple of hours ago, so it'll be in 5.4-rc7, hopefully. The relevant code is found only in 5.3 or later, so only SLE15-SP2 and TW are affected. I'll wait for Linus to merge it, then backport it.
The fix was pushed to both SLE15-SP2 and stable branches. Reassigned back to security team.
done