CVE-2019-19075

moderate-risk
Published 2019-11-18

A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.

Do I need to act?

~
1.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (5)

Affected Vendors

Linux Canonical

References (14)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
Release Notes https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8
Patch https://github.com/torvalds/linux/commit/6402939ec86eaf226c8b8ae00ed983936b16490...
Third Party Advisory https://security.netapp.com/advisory/ntap-20191205-0001/
Third Party Advisory https://usn.ubuntu.com/4208-1/
Third Party Advisory https://usn.ubuntu.com/4210-1/
Third Party Advisory https://usn.ubuntu.com/4226-1/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
Release Notes https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8
Patch https://github.com/torvalds/linux/commit/6402939ec86eaf226c8b8ae00ed983936b16490...
Third Party Advisory https://security.netapp.com/advisory/ntap-20191205-0001/
Third Party Advisory https://usn.ubuntu.com/4208-1/
Third Party Advisory https://usn.ubuntu.com/4210-1/
Third Party Advisory https://usn.ubuntu.com/4226-1/
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 5/34 · Minimal
Exposure 12/34 · Low