CVE-2019-19055 — MEDIUM (5.5)

Q: How severe is CVE-2019-19055?

CVE-2019-19055 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-19055?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Fedoraproject Fedora, Linux Linux Kernel.

Vulnerability Description

A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	18.04
Fedoraproject	Fedora	30
Linux	Linux Kernel	<= 5.3.11

Related Weaknesses (CWE)

CWE-401

References

https://bugzilla.suse.com/show_bug.cgi?id=1157319Issue TrackingThird Party Advisory
https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa5PatchThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://usn.ubuntu.com/4225-1/Third Party Advisory
https://usn.ubuntu.com/4225-2/Third Party Advisory
https://usn.ubuntu.com/4226-1/Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1157319Issue TrackingThird Party Advisory
https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa5PatchThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://usn.ubuntu.com/4225-1/Third Party Advisory
https://usn.ubuntu.com/4225-2/Third Party Advisory
https://usn.ubuntu.com/4226-1/Third Party Advisory

FAQ

What is CVE-2019-19055?

CVE-2019-19055 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by trigg...

How severe is CVE-2019-19055?

CVE-2019-19055 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19055?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Fedoraproject Fedora, Linux Linux Kernel.