First published: Mon Nov 18 2019(Updated: )
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | >=4.20<5.3.16 | |
Linux Kernel | >=5.4<5.4.3 | |
Linux Kernel | =5.5-rc1 | |
Red Hat Fedora | =30 | |
Red Hat Fedora | =31 | |
Ubuntu | =18.04 | |
Ubuntu | =19.10 | |
NetApp Active IQ Unified Manager for VMware vSphere | ||
NetApp Data Availability Services | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.60.3 | |
NetApp SolidFire & HCI Management Node | ||
NetApp SolidFire & HCI Storage Node | ||
NetApp SteelStore Cloud Integrated Storage | ||
NetApp HCI Compute Node | ||
NetApp HCI Storage Nodes | ||
Broadcom Fabric Operating System | ||
NetApp A700 Firmware | ||
NetApp AFF A700s Firmware | ||
NetApp FAS8300 | ||
NetApp FAS8300 Firmware | ||
NetApp FAS 8700 | ||
NetApp FAS8700 Firmware | ||
NetApp AFF A400 | ||
NetApp AFF A400 | ||
NetApp HCI H610S Firmware | ||
NetApp H610S Firmware | ||
All of | ||
NetApp A700 Firmware | ||
NetApp AFF A700s Firmware | ||
All of | ||
NetApp FAS8300 | ||
NetApp FAS8300 Firmware | ||
All of | ||
NetApp FAS 8700 | ||
NetApp FAS8700 Firmware | ||
All of | ||
NetApp AFF A400 | ||
NetApp AFF A400 | ||
All of | ||
NetApp HCI H610S Firmware | ||
NetApp H610S Firmware | ||
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-19050 is classified as a high severity vulnerability due to its potential to cause denial of service through memory consumption.
To mitigate CVE-2019-19050, upgrade your Linux kernel to version 5.4.4 or later, or apply appropriate patches provided by your distribution.
CVE-2019-19050 affects various versions of the Linux Kernel up to 5.3.11 and certain Fedora and Ubuntu releases.
Yes, CVE-2019-19050 can potentially be exploited remotely if an attacker can trigger the crypto_reportstat_alg() function failures.
CVE-2019-19050 is a memory leak vulnerability that can lead to denial of service scenarios.