CVE-2019-19053

high-risk
Published 2019-11-18

A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.

Do I need to act?

-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Aff Baseboard Management Controller

Affected Vendors

Linux Broadcom Canonical Netapp

References (8)

Patch https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d5...
Third Party Advisory https://security.netapp.com/advisory/ntap-20191205-0001/
Third Party Advisory https://usn.ubuntu.com/4300-1/
Third Party Advisory https://usn.ubuntu.com/4301-1/
Patch https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d5...
Third Party Advisory https://security.netapp.com/advisory/ntap-20191205-0001/
Third Party Advisory https://usn.ubuntu.com/4300-1/
Third Party Advisory https://usn.ubuntu.com/4301-1/
51
/ 100
high-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 23/34 · High