Bug 1157715 (CVE-2019-19047) - VUL-1: CVE-2019-19047: kernel-source: kernel: memory leak in mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c
Summary: VUL-1: CVE-2019-19047: kernel-source: kernel: memory leak in mlx5_fw_fatal_re...
Status: RESOLVED FIXED
Alias: CVE-2019-19047
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Thomas Bogendoerfer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/247485/
Whiteboard: CVSSv3.1:SUSE:CVE-2019-19047:1.9:(AV...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-25 15:34 UTC by Wolfgang Frisch
Modified: 2024-06-25 14:07 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-11-25 15:34:07 UTC 
CVE-2019-19047

A vulnerability was found in Linux Kernel where, a memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures.

Reference:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
https://github.com/torvalds/linux/commit/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1774991
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19047
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19047.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19047
https://github.com/torvalds/linux/commit/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
Comment 6 Takashi Iwai 2019-11-25 16:43:43 UTC 
I updated the patch tag reference for SLE15-SP2 now.