Bugzilla – Bug 1157720
VUL-1: CVE-2019-19048: kernel-source: kernel: memory leak in crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c
Last modified: 2024-06-25 14:08:01 UTC
CVE-2019-19048 A vulnerability was found in Linux Kernel where, a memory leak in the crypto_reportstat() function in drivers/virt/vboxguest/vboxguest_utils.c allows attackers to cause a denial of service (memory consumption) by triggering copy_form_user() failures. Reference: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://github.com/torvalds/linux/commit/e0b0cb9388642c104838fac100a4af32745621e2 References: https://bugzilla.redhat.com/show_bug.cgi?id=1774994 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19048 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19048.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19048 https://github.com/torvalds/linux/commit/e0b0cb9388642c104838fac100a4af32745621e2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
No SUSE product is affected by this issue. The upcoming kernel SLE15-SP2 already contains a fix. Closing.