CVE-2019-19055
First published: Sat Oct 05 2019(Updated: )
** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
| redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
| redhat/kernel-rt | <0:4.18.0-193.rt13.51.el8 | 0:4.18.0-193.rt13.51.el8 |
| redhat/kernel | <0:4.18.0-193.el8 | 0:4.18.0-193.el8 |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Linux Linux kernel | <=5.3.11 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Remedy
In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module cfg80211. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-19055 https://nvd.nist.gov/vuln/detail/CVE-2019-19055
- https://bugzilla.redhat.com/show_bug.cgi?id=1775074
- https://access.redhat.com/errata/RHSA-2020:4062
- https://access.redhat.com/errata/RHSA-2020:4060
- https://access.redhat.com/errata/RHSA-2020:1567
- https://access.redhat.com/errata/RHSA-2020:1769
- https://access.redhat.com/security/cve/cve-2019-19055
- https://bugzilla.suse.com/show_bug.cgi?id=1157319
- https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4225-2/
- https://usn.ubuntu.com/4226-1/
- https://launchpad.net/bugs/cve/CVE-2019-19055
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1775116
- https://access.redhat.com/solutions/41278
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19055
- https://nvd.nist.gov/vuln/detail/CVE-2019-19055
- https://security-tracker.debian.org/tracker/CVE-2019-19055
- https://ubuntu.com/security/CVE-2019-19055
- https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-19055
- agent/severity
- agent/weakness
- agent/status
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/nvd-cve
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- package-manager/redhat
- status/disputed
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.04
- version/canonical ubuntu linux/19.10
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.3.11
- package-manager/debian