Vulnerability Details CVE-2019-19064
A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control these failures at probe time
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- https://bugzilla.suse.com/show_bug.cgi?id=1157300
- https://github.com/torvalds/linux/commit/057b8945f78f76d0b04eeb5c27cd9225e5e7ad86
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://usn.ubuntu.com/4300-1/
- https://bugzilla.suse.com/show_bug.cgi?id=1157300
- https://github.com/torvalds/linux/commit/057b8945f78f76d0b04eeb5c27cd9225e5e7ad86
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/
- https://usn.ubuntu.com/4300-1/
Products affected by CVE-2019-19064
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:linux:linux_kernel:5.2
-
cpe:2.3:o:linux:linux_kernel:5.2.1
-
cpe:2.3:o:linux:linux_kernel:5.2.10
-
cpe:2.3:o:linux:linux_kernel:5.2.11
-
cpe:2.3:o:linux:linux_kernel:5.2.12
-
cpe:2.3:o:linux:linux_kernel:5.2.13
-
cpe:2.3:o:linux:linux_kernel:5.2.14
-
cpe:2.3:o:linux:linux_kernel:5.2.15
-
cpe:2.3:o:linux:linux_kernel:5.2.16
-
cpe:2.3:o:linux:linux_kernel:5.2.17
-
cpe:2.3:o:linux:linux_kernel:5.2.18
-
cpe:2.3:o:linux:linux_kernel:5.2.19
-
cpe:2.3:o:linux:linux_kernel:5.2.2
-
cpe:2.3:o:linux:linux_kernel:5.2.20
-
cpe:2.3:o:linux:linux_kernel:5.2.21
-
cpe:2.3:o:linux:linux_kernel:5.2.3
-
cpe:2.3:o:linux:linux_kernel:5.2.4
-
cpe:2.3:o:linux:linux_kernel:5.2.5
-
cpe:2.3:o:linux:linux_kernel:5.2.6
-
cpe:2.3:o:linux:linux_kernel:5.2.7
-
cpe:2.3:o:linux:linux_kernel:5.2.8
-
cpe:2.3:o:linux:linux_kernel:5.2.9
-
cpe:2.3:o:linux:linux_kernel:5.3
-
cpe:2.3:o:linux:linux_kernel:5.3.1
-
cpe:2.3:o:linux:linux_kernel:5.3.10
-
cpe:2.3:o:linux:linux_kernel:5.3.11
-
cpe:2.3:o:linux:linux_kernel:5.3.12
-
cpe:2.3:o:linux:linux_kernel:5.3.13
-
cpe:2.3:o:linux:linux_kernel:5.3.14
-
cpe:2.3:o:linux:linux_kernel:5.3.15
-
cpe:2.3:o:linux:linux_kernel:5.3.16
-
cpe:2.3:o:linux:linux_kernel:5.3.17
-
cpe:2.3:o:linux:linux_kernel:5.3.18
-
cpe:2.3:o:linux:linux_kernel:5.3.2
-
cpe:2.3:o:linux:linux_kernel:5.3.3
-
cpe:2.3:o:linux:linux_kernel:5.3.4
-
cpe:2.3:o:linux:linux_kernel:5.3.5
-
cpe:2.3:o:linux:linux_kernel:5.3.6
-
cpe:2.3:o:linux:linux_kernel:5.3.7
-
cpe:2.3:o:linux:linux_kernel:5.3.8
-
cpe:2.3:o:linux:linux_kernel:5.3.9
-
cpe:2.3:o:linux:linux_kernel:5.4
-
cpe:2.3:o:linux:linux_kernel:5.4.0
-
cpe:2.3:o:linux:linux_kernel:5.4.1
-
cpe:2.3:o:linux:linux_kernel:5.4.10
-
cpe:2.3:o:linux:linux_kernel:5.4.11
-
cpe:2.3:o:linux:linux_kernel:5.4.12
-
cpe:2.3:o:linux:linux_kernel:5.4.2
-
cpe:2.3:o:linux:linux_kernel:5.4.3
-
cpe:2.3:o:linux:linux_kernel:5.4.4
-
cpe:2.3:o:linux:linux_kernel:5.4.5
-
cpe:2.3:o:linux:linux_kernel:5.4.6
-
cpe:2.3:o:linux:linux_kernel:5.4.7
-
cpe:2.3:o:linux:linux_kernel:5.4.8
-
cpe:2.3:o:linux:linux_kernel:5.4.9