What is the severity of CVE-2019-19060?

CVE-2019-19060 is considered to have a medium severity rating due to its potential to cause a denial of service through memory consumption.

How do I fix CVE-2019-19060?

To resolve CVE-2019-19060, upgrade the Linux kernel to version 5.3.9 or later.

What systems are affected by CVE-2019-19060?

CVE-2019-19060 affects various versions of the Linux kernel prior to 5.3.9, including certain versions of Ubuntu Linux and NetApp products.

Can CVE-2019-19060 lead to data loss?

While CVE-2019-19060 primarily results in a denial of service, it does not directly lead to data loss.

Is there a workaround for CVE-2019-19060?

There are no known workarounds for CVE-2019-19060; therefore, updating the kernel is the recommended course of action.

Vulnerability/
CVE-2019-19060

high

7.8

CWE

401

18/11/2019

21/11/2024

CVE-2019-19060

First published: Mon Nov 18 2019(Updated: )

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Linux Kernel	>=3.8<4.4.262
Linux Kernel	>=4.5<4.9.262
Linux Kernel	>=4.10<4.14.226
Linux Kernel	>=4.15<4.19.82
Linux Kernel	>=4.20<5.3.9
NetApp Active IQ Unified Manager for VMware vSphere
NetApp FAS/AFF Baseboard Management Controller
NetApp Cloud Backup
NetApp Data Availability Services
NetApp E-Series SANtricity OS Controller	=11.0
NetApp E-Series SANtricity OS Controller	=11.0.0
NetApp E-Series SANtricity OS Controller	=11.20
NetApp E-Series SANtricity OS Controller	=11.25
NetApp E-Series SANtricity OS Controller	=11.30
NetApp E-Series SANtricity OS Controller	=11.30.5r3
NetApp E-Series SANtricity OS Controller	=11.40
NetApp E-Series SANtricity OS Controller	=11.40.3r2
NetApp E-Series SANtricity OS Controller	=11.40.5
NetApp E-Series SANtricity OS Controller	=11.50.1
NetApp E-Series SANtricity OS Controller	=11.50.2
NetApp E-Series SANtricity OS Controller	=11.50.2-p1
NetApp E-Series SANtricity OS Controller	=11.60
NetApp E-Series SANtricity OS Controller	=11.60.0
NetApp E-Series SANtricity OS Controller	=11.60.1
NetApp E-Series SANtricity OS Controller	=11.60.3
NetApp E-Series SANtricity OS Controller	=11.70.1
NetApp E-Series SANtricity OS Controller	=11.70.2
NetApp FAS/AFF Baseboard Management Controller
NetApp HCI Baseboard Management Controller	=h610s
NetApp SolidFire Enterprise SDS
NetApp SolidFire & HCI Management Node
NetApp SteelStore Cloud Integrated Storage
Broadcom Fabric Operating System
All of
NetApp HCI Compute Node Firmware
NetApp HCI Compute Node
All of
NetApp SolidFire Baseboard Management Controller Firmware
NetApp SolidFire
Ubuntu	=14.04
Ubuntu	=16.04
Ubuntu	=18.04
Ubuntu	=19.04
Ubuntu	=19.10
SUSE Linux	=15.1
NetApp HCI Compute Node Firmware
NetApp HCI Compute Node
NetApp SolidFire Baseboard Management Controller Firmware
NetApp SolidFire
debian/linux		5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1

Remedy

https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-19060?
CVE-2019-19060 is considered to have a medium severity rating due to its potential to cause a denial of service through memory consumption.
How do I fix CVE-2019-19060?
To resolve CVE-2019-19060, upgrade the Linux kernel to version 5.3.9 or later.
What systems are affected by CVE-2019-19060?
CVE-2019-19060 affects various versions of the Linux kernel prior to 5.3.9, including certain versions of Ubuntu Linux and NetApp products.
Can CVE-2019-19060 lead to data loss?
While CVE-2019-19060 primarily results in a denial of service, it does not directly lead to data loss.
Is there a workaround for CVE-2019-19060?
There are no known workarounds for CVE-2019-19060; therefore, updating the kernel is the recommended course of action.

collector/launchpad-cve
source/Launchpad
agent/type
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
agent/references
agent/remedy
agent/first-publish-date
agent/last-modified-date
agent/trending
agent/source
agent/author
collector/usn-cve
source/Ubuntu
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/debian
vendor/linux
canonical/linux kernel
version/linux kernel/3.8
version/linux kernel/4.5
version/linux kernel/4.10
version/linux kernel/4.15
version/linux kernel/4.20
vendor/netapp
canonical/netapp active iq unified manager for vmware vsphere
canonical/netapp fas/aff baseboard management controller
canonical/netapp cloud backup
canonical/netapp data availability services
canonical/netapp e-series santricity os controller
version/netapp e-series santricity os controller/11.0
version/netapp e-series santricity os controller/11.0.0
version/netapp e-series santricity os controller/11.20
version/netapp e-series santricity os controller/11.25
version/netapp e-series santricity os controller/11.30
version/netapp e-series santricity os controller/11.30.5r3
version/netapp e-series santricity os controller/11.40
version/netapp e-series santricity os controller/11.40.3r2
version/netapp e-series santricity os controller/11.40.5
version/netapp e-series santricity os controller/11.50.1
version/netapp e-series santricity os controller/11.50.2
version/netapp e-series santricity os controller/11.50.2-p1
version/netapp e-series santricity os controller/11.60
version/netapp e-series santricity os controller/11.60.0
version/netapp e-series santricity os controller/11.60.1
version/netapp e-series santricity os controller/11.60.3
version/netapp e-series santricity os controller/11.70.1
version/netapp e-series santricity os controller/11.70.2
canonical/netapp hci baseboard management controller
version/netapp hci baseboard management controller/h610s
canonical/netapp solidfire enterprise sds
canonical/netapp solidfire & hci management node
canonical/netapp steelstore cloud integrated storage
vendor/broadcom
canonical/broadcom fabric operating system
canonical/netapp hci compute node firmware
canonical/netapp hci compute node
canonical/netapp solidfire baseboard management controller firmware
canonical/netapp solidfire
vendor/canonical
canonical/ubuntu
version/ubuntu/14.04
version/ubuntu/16.04
version/ubuntu/18.04
version/ubuntu/19.04
version/ubuntu/19.10
vendor/opensuse
canonical/suse linux
version/suse linux/15.1