CVE-2019-19050

Published Nov 18, 2019

Last updated a year ago

CVSS high 7.5

Overview

Description: A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22BF102C-6F4F-4F6F-BDC4-CA17FDC10DF5",
            "versionEndExcluding": "5.3.16",
            "versionStartIncluding": "4.20"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "989D0C5E-C0BF-49D8-86E2-91A93238FD1E",
            "versionEndExcluding": "5.4.3",
            "versionStartIncluding": "5.4"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.5:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17CCD88F-373D-4BB5-B62E-8B55B05E2C31"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4",
            "versionEndIncluding": "11.60.3",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"
          },
          {
            "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"
          },
          {
            "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
          },
          {
            "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B"
          },
          {
            "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521"
          },
          {
            "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89706810-031B-49F0-B353-FD27FD7B2776"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDD1E822-1EA6-4E62-A58B-2378149D20DC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F3E70A56-DBA8-45C7-8C49-1A036501156F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References