CVE-2019-19057
moderate-risk
Published 2019-11-18
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
Do I need to act?
-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10
Low
LOCAL
/ LOW complexity
Affected Products (20)
Aff Baseboard Management Controller
References (30)
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
Third Party Advisory
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackwar...
Mailing List
https://seclists.org/bugtraq/2020/Jan/10
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191205-0001/
Third Party Advisory
https://usn.ubuntu.com/4254-1/
Third Party Advisory
https://usn.ubuntu.com/4254-2/
Third Party Advisory
https://usn.ubuntu.com/4284-1/
Third Party Advisory
https://usn.ubuntu.com/4285-1/
Third Party Advisory
https://usn.ubuntu.com/4287-1/
Third Party Advisory
https://usn.ubuntu.com/4287-2/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
Third Party Advisory
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackwar...
and 10 more references
37
/ 100
moderate-risk
Severity
13/34 · Low
Exploitability
0/34 · Minimal
Exposure
24/34 · High