SB2019112234 - Fedora 30 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019112234

SB2019112234 - Fedora 30 update for kernel

Published: November 22, 2019 Updated: April 25, 2025

Security Bulletin ID SB2019112234
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 16
Exploitation vector Adjecent network
Highest impact Denial of service

Breakdown by Severity

Medium 63% Low 38%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 16 vulnerabilities.


1) Memory leak (CVE-ID: CVE-2019-19074)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "ath9k_wmi_cmd()" function in "drivers/net/wireless/ath/ath9k/wmi.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption).


2) Memory leak (CVE-ID: CVE-2019-19073)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "htc_config_pipe_credits()", "htc_setup_complete()" and "htc_connect_service()" functions in "drivers/net/wireless/ath/ath9k/htc_hst.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "wait_for_completion_timeout()" failures.

3) Memory leak (CVE-ID: CVE-2019-19072)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "predicate_parse()" function in "kernel/trace/trace_events_filter.c" file. A local attacker can cause a denial of service (memory consumption).


4) Memory leak (CVE-ID: CVE-2019-19071)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "rsi_send_beacon()" function in "drivers/net/wireless/rsi/rsi_91x_mgmt.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "rsi_prepare_beacon()" failures.


5) Memory leak (CVE-ID: CVE-2019-19068)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "rtl8xxxu_submit_int_urb()" function in "drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c" file. A remote attacker on the local network can cause a denial of service (memory consumption) by triggering "usb_submit_urb()" failures.


6) Memory leak (CVE-ID: CVE-2019-19043)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "i40e_setup_macvlans()" function in "drivers/net/ethernet/intel/i40e/i40e_main.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "i40e_setup_channel()" failures.


7) Memory leak (CVE-ID: CVE-2019-19066)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "bfad_im_get_stats()" function in "drivers/scsi/bfa/bfad_attr.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "bfa_port_get_stats()" failures.


8) Memory leak (CVE-ID: CVE-2019-19050)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "crypto_reportstat()" function in "crypto/crypto_user_stat.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "crypto_reportstat_alg()" failures.


9) Memory leak (CVE-ID: CVE-2019-19063)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "rtl_usb_probe()" function in "drivers/net/wireless/realtek/rtlwifi/usb.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption).

10) Memory leak (CVE-ID: CVE-2019-19062)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "crypto_report()" function in "crypto/crypto_user_base.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "crypto_report_alg()" failures.


11) Memory leak (CVE-ID: CVE-2019-19059)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "iwl_pcie_ctxt_info_gen3_init()" function in "drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "iwl_pcie_init_fw_sec() or dma_alloc_coherent()" failures.


12) Memory leak (CVE-ID: CVE-2019-19058)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "alloc_sgtable()" function in "drivers/net/wireless/intel/iwlwifi/fw/dbg.c" file. A remote attacker on the local network can cause a denial of service (memory consumption) by triggering "alloc_page()" failures.


13) Memory leak (CVE-ID: CVE-2019-19057)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "mwifiex_pcie_init_evt_ring()" function in "drivers/net/wireless/marvell/mwifiex/pcie.c"  file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "mwifiex_map_pci_memory()" failures.


14) Memory leak (CVE-ID: CVE-2019-19054)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "cx23888_ir_probe()" function in "drivers/media/pci/cx23885/cx23888-ir.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "kfifo_alloc()" failures.


15) Memory leak (CVE-ID: CVE-2019-19056)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "mwifiex_pcie_alloc_cmdrsp_buf()" function in "drivers/net/wireless/marvell/mwifiex/pcie.c" file. A remote attacker on the local network can cause a denial of service condition (memory consumption) by triggering "mwifiex_map_pci_memory()" failures.


16) Memory leak (CVE-ID: CVE-2019-19053)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the "rpmsg_eptdev_write_iter()" function in "drivers/rpmsg/rpmsg_char.c" file. A local attacker can cause a denial of service condition (memory consumption) by triggering "copy_from_iter_full()" failures.


Remediation

Install update from vendor's website.

References