Lucene search

MitreCVE-2019-19062

HistoryNov 18, 2019 - 6:15 a.m.

CVE-2019-19062

2019-11-1806:15:12

CWE-401

mitre

web.nvd.nist.gov

299

cve-2019-19062

memory leak

crypto_report

linux kernel

dos

nvd

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

17.1%

JSON

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤5.3.11

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.10

debiandebian_linuxMatch8.0

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

opensuseleapMatch15.1

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonicalubuntu_linux19.10cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
fedoraprojectfedora30cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
canonical	ubuntu_linux	19.10	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
fedoraproject	fedora	30	cpe:2.3:o:fedoraproject:fedora:30:::::::*
fedoraproject	fedora	31	cpe:2.3:o:fedoraproject:fedora:31:::::::*
opensuse	leap	15.1	cpe:2.3:o:opensuse:leap:15.1:::::::*
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*