First published: Mon Feb 18 2019(Updated: )
A kernel memory leak was found in the kernel_read_file() function in the fs/exec.c file in the Linux kernel which allows attackers to cause a memory leak and thus a denial of service (DoS). References: <a href="https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/T/#u">https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/T/#u</a> <a href="https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html">https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html</a> An upstream patch: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f612acfae86af7ecad754ae6a46019be9da05b8e">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f612acfae86af7ecad754ae6a46019be9da05b8e</a>
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:4.18.0-193.rt13.51.el8 | 0:4.18.0-193.rt13.51.el8 |
redhat/kernel | <0:4.18.0-193.el8 | 0:4.18.0-193.el8 |
Linux Kernel | >=4.7<4.9.163 | |
Linux Kernel | >=4.14<4.14.106 | |
Linux Kernel | >=4.19<4.19.28 | |
Linux Kernel | >=4.20<4.20.15 | |
Linux Kernel | >=5.0<5.0.1 | |
Linux Kernel | =5.1-rc1 | |
Ubuntu Linux | =14.04 | |
Ubuntu Linux | =16.04 | |
Ubuntu Linux | =18.04 | |
Ubuntu Linux | =18.10 | |
openSUSE | =15.0 | |
Debian GNU/Linux | =8.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.16-1 | |
Linux kernel | >=4.7<4.9.163 | |
Linux kernel | >=4.14<4.14.106 | |
Linux kernel | >=4.19<4.19.28 | |
Linux kernel | >=4.20<4.20.15 | |
Linux kernel | >=5.0<5.0.1 | |
Linux kernel | =5.1-rc1 | |
Ubuntu | =14.04 | |
Ubuntu | =16.04 | |
Ubuntu | =18.04 | |
Ubuntu | =18.10 | |
Debian | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-8980 has a severity rating of medium due to its potential to cause a denial of service.
To fix CVE-2019-8980, update your kernel to versions 0:4.18.0-193.rt13.51.el8 or 0:4.18.0-193.el8 or later.
CVE-2019-8980 affects various Linux kernel versions between 4.7 and 5.1-rc1 and several Linux distributions like Red Hat, Ubuntu, and Debian.
CVE-2019-8980 may allow local attackers to exploit the vulnerability to cause a memory leak.
CVE-2019-8980 specifically involves the kernel_read_file() function within the fs/exec.c file of the Linux kernel.