CVE-2019-19055
First published: Sat Oct 05 2019(Updated: )
** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
| redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
| redhat/kernel-rt | <0:4.18.0-193.rt13.51.el8 | 0:4.18.0-193.rt13.51.el8 |
| redhat/kernel | <0:4.18.0-193.el8 | 0:4.18.0-193.el8 |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =19.04 | |
| Ubuntu Linux | =19.10 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Linux Kernel | <=5.3.11 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.04 | |
| Ubuntu | =19.10 | |
| Fedora | =30 | |
| Fedora | =31 | |
| Linux kernel | <=5.3.11 |
Remedy
In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module cfg80211. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-19055 https://nvd.nist.gov/vuln/detail/CVE-2019-19055
- https://bugzilla.redhat.com/show_bug.cgi?id=1775074
- https://access.redhat.com/errata/RHSA-2020:4062
- https://access.redhat.com/errata/RHSA-2020:4060
- https://access.redhat.com/errata/RHSA-2020:1567
- https://access.redhat.com/errata/RHSA-2020:1769
- https://access.redhat.com/security/cve/cve-2019-19055
- https://bugzilla.suse.com/show_bug.cgi?id=1157319
- https://github.com/torvalds/linux/commit/1399c59fa92984836db90538cf92397fe7caaa57
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4225-2/
- https://usn.ubuntu.com/4226-1/
- https://launchpad.net/bugs/cve/CVE-2019-19055
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1775116
- https://access.redhat.com/solutions/41278
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19055
- https://nvd.nist.gov/vuln/detail/CVE-2019-19055
- https://security-tracker.debian.org/tracker/CVE-2019-19055
- https://ubuntu.com/security/CVE-2019-19055
- https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2019-19055?
CVE-2019-19055 has a severity rating that may allow attackers to cause a denial of service due to a memory leak.
How do I fix CVE-2019-19055?
To fix CVE-2019-19055, update your Linux kernel to at least version 5.10.223-1 or the recommended versions provided by your distribution.
What systems are affected by CVE-2019-19055?
CVE-2019-19055 affects various Linux distributions, including specific versions of the Red Hat kernel, Ubuntu Linux, and Fedora.
What does CVE-2019-19055 imply for system security?
CVE-2019-19055 implies that systems are at risk of memory consumption issues that can be exploited to disrupt services.
Is there any workaround for CVE-2019-19055?
Currently, the best course of action for CVE-2019-19055 is to apply the security updates provided by your Linux distribution.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-19055
- agent/severity
- agent/weakness
- agent/status
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- collector/nvd-index
- package-manager/redhat
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/18.04
- version/ubuntu linux/19.04
- version/ubuntu linux/19.10
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.3.11
- package-manager/debian
- canonical/ubuntu
- version/ubuntu/18.04
- version/ubuntu/19.04
- version/ubuntu/19.10
- canonical/fedora
- version/fedora/30
- version/fedora/31
- status/disputed