CVE-2019-19050

moderate-risk
Published 2019-11-18

A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Aff A700S Firmware
Fas8300 Firmware
Fas8700 Firmware

Affected Vendors

Linux Broadcom Canonical Fedoraproject Netapp

References (14)

Third Party Advisory http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LS...
Patch https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2d...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://security.netapp.com/advisory/ntap-20191205-0001/
Third Party Advisory https://usn.ubuntu.com/4258-1/
Third Party Advisory https://usn.ubuntu.com/4284-1/
Third Party Advisory http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LS...
Patch https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2d...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://security.netapp.com/advisory/ntap-20191205-0001/
Third Party Advisory https://usn.ubuntu.com/4258-1/
Third Party Advisory https://usn.ubuntu.com/4284-1/
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 3/34 · Minimal
Exposure 20/34 · Moderate