Vulnerability Description
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.20, < 5.3.16 |
| Fedoraproject | Fedora | 30 |
| Canonical | Ubuntu Linux | 18.04 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Data Availability Services | - |
| Netapp | E-Series Santricity Os Controller | >= 11.0.0, <= 11.60.3 |
| Netapp | Hci Management Node | - |
| Netapp | Solidfire | - |
| Netapp | Steelstore Cloud Integrated Storage | - |
| Netapp | Hci Compute Node | - |
| Netapp | Hci Storage Node | - |
| Broadcom | Fabric Operating System | - |
| Netapp | Aff A700S Firmware | - |
| Netapp | Aff A700S | - |
| Netapp | Fas8300 Firmware | - |
| Netapp | Fas8300 | - |
| Netapp | Fas8700 Firmware | - |
| Netapp | Fas8700 | - |
| Netapp | Aff A400 Firmware | - |
| Netapp | Aff A400 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
- https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.netapp.com/advisory/ntap-20191205-0001/Third Party Advisory
- https://usn.ubuntu.com/4258-1/Third Party Advisory
- https://usn.ubuntu.com/4284-1/Third Party Advisory
- http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
- https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.netapp.com/advisory/ntap-20191205-0001/Third Party Advisory
- https://usn.ubuntu.com/4258-1/Third Party Advisory
- https://usn.ubuntu.com/4284-1/Third Party Advisory
FAQ
What is CVE-2019-19050?
CVE-2019-19050 is a vulnerability with a CVSS score of 7.5 (HIGH). A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypt...
How severe is CVE-2019-19050?
CVE-2019-19050 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19050?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Canonical Ubuntu Linux, Netapp Active Iq Unified Manager, Netapp Data Availability Services.