Vulnerability Description
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | 3.11 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.6 |
| Redhat | Enterprise Linux Server Eus | 7.6 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106632Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHBA-2019:0327Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0201Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815Issue TrackingVendor Advisory
- https://lists.debian.org/debian-lts-announce/2019/03/msg00013.htmlMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/106632Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHBA-2019:0327Vendor Advisory
- https://access.redhat.com/errata/RHSA-2019:0201Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815Issue TrackingVendor Advisory
- https://lists.debian.org/debian-lts-announce/2019/03/msg00013.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2019-3815?
CVE-2019-3815 is a vulnerability with a CVSS score of 3.3 (LOW). A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_io...
How severe is CVE-2019-3815?
CVE-2019-3815 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3815?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Container Platform, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.