CVE-2019-19067
First published: Mon Nov 18 2019(Updated: )
** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <5.3.8 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =19.04 | |
| Ubuntu Linux | =19.10 | |
| openSUSE | =15.1 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.04 | |
| Ubuntu | =19.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- https://bugzilla.suse.com/show_bug.cgi?id=1157180
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8
- https://github.com/torvalds/linux/commit/57be09c6e8747bf48704136d9e3f92bfb93f5725
- https://usn.ubuntu.com/4208-1/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4526-1/
- https://launchpad.net/bugs/cve/CVE-2019-19067
- https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
- https://security-tracker.debian.org/tracker/CVE-2019-19067
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19067
- https://nvd.nist.gov/vuln/detail/CVE-2019-19067
- https://ubuntu.com/security/CVE-2019-19067
Frequently Asked Questions
What is the severity of CVE-2019-19067?
CVE-2019-19067 is considered a denial of service vulnerability due to memory leaks in the Linux kernel.
How do I fix CVE-2019-19067?
To fix CVE-2019-19067, upgrade your Linux kernel to version 5.3.8 or later.
Which systems are affected by CVE-2019-19067?
CVE-2019-19067 affects multiple versions of the Linux kernel prior to 5.3.8 and various Linux distributions such as Ubuntu 18.04, 19.04, 19.10, and openSUSE Leap 15.1.
What are the potential impacts of CVE-2019-19067?
The potential impacts of CVE-2019-19067 include denial of service through excessive memory consumption.
Is CVE-2019-19067 being actively exploited?
As of the current information, there is no confirmed evidence that CVE-2019-19067 is actively exploited in the wild.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/weakness
- agent/status
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/event
- agent/softwarecombine
- collector/nvd-api
- collector/nvd-index
- vendor/linux
- canonical/linux kernel
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/18.04
- version/ubuntu linux/19.04
- version/ubuntu linux/19.10
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- package-manager/debian
- canonical/ubuntu
- version/ubuntu/18.04
- version/ubuntu/19.04
- version/ubuntu/19.10
- status/disputed