Multiple vulnerabilities in Linux kernel



Published: 2019-11-18 | Updated: 2020-07-17
Risk: High
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2019-19807, CVE-2019-19529, CVE-2019-19044, CVE-2019-19045, CVE-2019-19047, CVE-2019-19051, CVE-2019-19052
CWE-ID: CWE-416, CWE-400, CWE-401
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU30551

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19807

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.3.1 - 5.3.10

External links

http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97
http://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97
http://security.netapp.com/advisory/ntap-20200103-0001/
http://usn.ubuntu.com/4225-1/
http://usn.ubuntu.com/4227-1/
http://usn.ubuntu.com/4227-2/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU30565

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19529

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. A local user can use a malicious USB device to trigger the use-after-free error and execute arbitrary code on the system with elevated privileges.

Mitigation

Update to version 5.3.11.

Vulnerable software versions

Linux kernel: 5.3.1 - 5.3.10

External links

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
http://www.openwall.com/lists/oss-security/2019/12/03/4
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4d6636498c41891d0482a914dd570343a838ad79
http://usn.ubuntu.com/4225-1/
http://usn.ubuntu.com/4225-2/
http://usn.ubuntu.com/4226-1/
http://usn.ubuntu.com/4227-1/
http://usn.ubuntu.com/4227-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU30601

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19044

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.3.1 - 5.3.10

External links

http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
http://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f
http://security.netapp.com/advisory/ntap-20191205-0001/
http://usn.ubuntu.com/4225-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU30602

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19045

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11, which allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7. A remote attacker can perform a denial of service attack.

Mitigation

Update to version 5.3.11.

Vulnerable software versions

Linux kernel: 5.3.1 - 5.3.10

External links

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
http://github.com/torvalds/linux/commit/c8c2a057fdc7de1cd16f4baa51425b932a42eb39
http://security.netapp.com/advisory/ntap-20191205-0001/
http://usn.ubuntu.com/4225-1/
http://usn.ubuntu.com/4225-2/
http://usn.ubuntu.com/4226-1/
http://usn.ubuntu.com/4227-1/
http://usn.ubuntu.com/4227-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU30603

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19047

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11, which allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures, aka CID-c7ed6d0183d5. A remote attacker can perform a denial of service attack.

Mitigation

Update to version 5.3.11.

Vulnerable software versions

Linux kernel: 5.3.1 - 5.3.10

External links

http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
http://github.com/torvalds/linux/commit/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471
http://security.netapp.com/advisory/ntap-20191205-0001/
http://usn.ubuntu.com/4225-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU30604

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19051

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11, which allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7. A remote attacker can perform a denial of service attack.

Mitigation

Update to version 5.3.11.

Vulnerable software versions

Linux kernel: 5.3.1 - 5.3.10

External links

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
http://github.com/torvalds/linux/commit/6f3ef5c25cc762687a7341c18cbea5af54461407
http://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
http://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
http://security.netapp.com/advisory/ntap-20191205-0001/
http://usn.ubuntu.com/4225-1/
http://usn.ubuntu.com/4225-2/
http://usn.ubuntu.com/4286-1/
http://usn.ubuntu.com/4286-2/
http://usn.ubuntu.com/4302-1/
http://usn.ubuntu.com/4344-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU30605

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19052

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11, which allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. A remote attacker can perform a denial of service attack.
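
The leak class described for vulnerabilities 3, 4, 5 and 7 (memory that stays allocated when a later call fails) is modelled below in user-space C, next to the corrected shape. This is an added example, not kernel code and not part of the original bulletin; all function names in it are hypothetical.

```c
/* Added illustration: user-space model of an error-path memory leak (CWE-401).
 * Not kernel code; every name below is hypothetical. */
#include <stdio.h>
#include <stdlib.h>

static long live_allocs; /* buffers allocated and not yet freed */

static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Stand-in for a callee that can be made to fail. */
static int submit_step(int fail) { return fail ? -1 : 0; }

/* Leaky shape: the early return on failure skips the release. */
static int open_leaky(int fail)
{
    void *buf = track_alloc(4096);
    if (!buf) return -1;
    if (submit_step(fail) < 0)
        return -1; /* buf is never released on this path */
    track_free(buf);
    return 0;
}

/* Corrected shape: the buffer is released on success and on failure. */
static int open_fixed(int fail)
{
    void *buf = track_alloc(4096);
    if (!buf) return -1;
    int rc = submit_step(fail) < 0 ? -1 : 0;
    track_free(buf);
    return rc;
}

/* Make n failing calls and return how many buffers remain allocated. */
static long leaked_after(int (*fn)(int), int n)
{
    long before = live_allocs;
    for (int i = 0; i < n; i++)
        fn(1);
    return live_allocs - before;
}

int main(void)
{
    printf("leaky: %ld buffers outstanding\n", leaked_after(open_leaky, 1000));
    printf("fixed: %ld buffers outstanding\n", leaked_after(open_fixed, 1000));
}
```

Each failed call to the leaky variant leaves one buffer allocated, so the outstanding count grows linearly with the number of induced failures, which is the memory-consumption condition the descriptions refer to.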

Mitigation

Update to version 5.3.11.

Vulnerable software versions

Linux kernel: 5.3.1 - 5.3.10

External links

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
http://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817
http://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
http://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
http://security.netapp.com/advisory/ntap-20191205-0001/
http://usn.ubuntu.com/4225-1/
http://usn.ubuntu.com/4225-2/
http://usn.ubuntu.com/4226-1/
http://usn.ubuntu.com/4227-1/
http://usn.ubuntu.com/4227-2/
http://usn.ubuntu.com/4228-1/
http://usn.ubuntu.com/4228-2/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


