1157294 – (CVE-2019-19070) VUL-1: DISPUTED: CVE-2019-19070: kernel-source: memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c

Bug 1157294 (CVE-2019-19070) - VUL-1: DISPUTED: CVE-2019-19070: kernel-source: memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c

Summary: VUL-1: DISPUTED: CVE-2019-19070: kernel-source: memory leak in the spi_gpio_p...

Status:	RESOLVED FIXED

Alias:	CVE-2019-19070

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/247508/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2019-11-20 10:26 UTC by Robert Frohl
Modified:	2024-06-25 14:07 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Frohl 2019-11-20 10:26:21 UTC

CVE-2019-19070

A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the
Linux kernel through 5.3.11 allows attackers to cause a denial of service
(memory consumption) by triggering devm_add_action_or_reset() failures, aka
CID-d3b0ffa1d75d.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19070
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19070.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19070
https://github.com/torvalds/linux/commit/d3b0ffa1d75d5305ebe34735598993afbb8a869d

Comment 1 Robert Frohl 2019-11-20 10:28:22 UTC

potentially affects SLE12-LTSS and newer.

If I am not mistaken only arm64 flavor of SUSE kernels is affected.

As this is in the probe() function of the SPI driver, is this a candidate for rejection?

Comment 2 Takashi Iwai 2019-11-20 11:09:44 UTC

Will backport once when the fix is merged to Linus tree.

This one is yet another case for dispute: the error condition is kmalloc() error at the driver probe time, and this is already a critical situation.

Comment 4 Takashi Iwai 2019-11-26 10:13:03 UTC

Backported to SLE15-SP2.  Older branches don't have the relevant code.

Reassigned back to security team.

Comment 5 Alexandros Toptsoglou 2020-01-20 15:37:01 UTC

done