** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began.
References
Configurations
History
02 Jun 2021, 15:38
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ - Third Party Advisory | |
References | (MISC) https://bugzilla.suse.com/show_bug.cgi?id=1157294 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.5:rc1:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* |
Information
Published : 2019-11-18 06:15
Updated : 2024-05-17 01:35
NVD link : CVE-2019-19070
Mitre link : CVE-2019-19070
CVE.ORG link : CVE-2019-19070
JSON object : View
Products Affected
fedoraproject
- fedora
linux
- linux_kernel
CWE
CWE-401
Missing Release of Memory after Effective Lifetime