Bugzilla – Bug 1159370
VUL-0: CVE-2019-19044: kernel-source: dos in v3d_submit_cl_ioctl() in drivers/gpu/drm/v3d/v3d_gem.c
Last modified: 2024-06-25 14:12:12 UTC
CVE-2019-19044 A vulnerability was found inLinux Kernel where, two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures. Reference: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f References: https://bugzilla.redhat.com/show_bug.cgi?id=1774977 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19044 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19044.html https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19044 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://security.netapp.com/advisory/ntap-20191205-0001/
It seems that this issue introduced in [1] in version 5.3 and fixed in [2] in version 5.4. Only SLE15-SP2 is affected where the fix is already pushed there. [1] https://github.com/torvalds/linux/commit/a783a09ee76d6259296dc6aeea2b6884fa526980 [2] https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f