What is the severity of CVE-2019-19049?

CVE-2019-19049 is considered to have a high severity due to its potential to cause denial of service through memory consumption.

How do I fix CVE-2019-19049?

To fix CVE-2019-19049, users should upgrade their Linux kernel to version 5.3.10 or later.

What systems are affected by CVE-2019-19049?

CVE-2019-19049 affects various versions of the Linux kernel prior to 5.3.10, including versions ranging from 3.17 up to 5.3.

What exploits are associated with CVE-2019-19049?

CVE-2019-19049 allows attackers to trigger failures in the of_fdt_unflatten_tree() function, leading to memory leaks.

Is CVE-2019-19049 prevalent in openSUSE?

Yes, CVE-2019-19049 has been documented as affecting openSUSE Leap 15.1 and varies depending on the kernel version used.

Vulnerability/
CVE-2019-19049

high

7.8

CWE

401

18/11/2019

7/3/2025

CVE-2019-19049

First published: Mon Nov 18 2019(Updated: )

** DISPUTED ** A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Linux Kernel	>=3.17<4.4.200
Linux Kernel	>=4.5<4.9.200
Linux Kernel	>=4.10<4.14.153
Linux Kernel	>=4.15<4.19.83
Linux Kernel	>=4.20<5.3.10
SUSE Linux	=15.1
Linux Kernel	<5.3.10

Remedy

https://github.com/torvalds/linux/commit/e13de8fe0d6a51341671bbe384826d527afe8d44

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-19049?
CVE-2019-19049 is considered to have a high severity due to its potential to cause denial of service through memory consumption.
How do I fix CVE-2019-19049?
To fix CVE-2019-19049, users should upgrade their Linux kernel to version 5.3.10 or later.
What systems are affected by CVE-2019-19049?
CVE-2019-19049 affects various versions of the Linux kernel prior to 5.3.10, including versions ranging from 3.17 up to 5.3.
What exploits are associated with CVE-2019-19049?
CVE-2019-19049 allows attackers to trigger failures in the of_fdt_unflatten_tree() function, leading to memory leaks.
Is CVE-2019-19049 prevalent in openSUSE?
Yes, CVE-2019-19049 has been documented as affecting openSUSE Leap 15.1 and varies depending on the kernel version used.

agent/references
agent/type
agent/remedy
agent/severity
agent/weakness
agent/status
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/linux
canonical/linux kernel
version/linux kernel/3.17
version/linux kernel/4.5
version/linux kernel/4.10
version/linux kernel/4.15
version/linux kernel/4.20
vendor/opensuse
canonical/suse linux
version/suse linux/15.1
status/disputed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.