Bugzilla – Bug 1156277
VUL-1: CVE-2019-18812: kernel-source: memory leak in sof_dfsentry_write() from sound/soc/sof/debug.c
Last modified: 2022-12-23 11:40:30 UTC
A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in
the Linux kernel through 5.3.9 allows attackers to cause a denial of service
(memory consumption), aka CID-c0a333d842ef.
The GitHub URL is confusing... The commit hasn't been merged to Linus' tree yet, but it appears as if it has been merged.
Actually the fix is in the pull request to Linus I sent a couple of hours ago, so it'll be in 5.4-rc7, hopefully.
The relevant code is found only in 5.3 or later, so only SLE15-SP2 and TW are affected. I'll wait for Linus to merge it, then backport it.
The fix was pushed to both SLE15-SP2 and stable branches.
Reassigned back to security team.