Bug 1157064 (CVE-2019-19069) - VUL-1: CVE-2019-19069: kernel-source: A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c allows attackers to cause a denial of service (memory consumption)
Summary: VUL-1: CVE-2019-19069: kernel-source: A memory leak in the fastrpc_dma_buf_at...
Status: RESOLVED FIXED
Alias: CVE-2019-19069
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/247507/
Whiteboard: CVSSv3.1:SUSE:CVE-2019-19069:4.4:(AV...
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-18 18:21 UTC by Wolfgang Frisch
Modified: 2024-06-25 14:05 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-11-18 18:21:11 UTC 
CVE-2019-19069

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c
in the Linux kernel before 5.3.9 allows attackers to cause a denial of service
(memory consumption) by triggering dma_get_sgtable() failures, aka
CID-fc739a058d99.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19069
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19069.html
https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19069
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
Comment 1 Wolfgang Frisch 2019-11-18 18:23:12 UTC 
The only kernels that contain drivers/misc/fastrpc.c are
openSUSE-15.2 and SLE15-SP2, and both already have the fix applied.

Closing.
Comment 2 Takashi Iwai 2019-11-18 18:57:50 UTC 
I updated the patch reference tag in SLE15-SP2 accordingly.