ID

VAR-201909-0977


CVE

CVE-2019-16995


TITLE

Linux Kernel Vulnerabilities related to lack of effective post-lifetime resource release

Trust: 0.8

sources: JVNDB: JVNDB-2019-010145

DESCRIPTION

In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. Linux Kernel Is vulnerable to a lack of free resources after a valid lifetime. Vendors have confirmed this vulnerability CID-6caabe7f197d It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2019-16995 // JVNDB: JVNDB-2019-010145

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:ltversion:5.0.3

Trust: 1.8

vendor:linuxmodel:kernelscope:gteversion:4.9

Trust: 1.0

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:netappmodel:h610sscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.14.107

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.30

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.4

Trust: 1.0

vendor:netappmodel:h300escope:eqversion: -

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.0

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.20.17

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h700escope:eqversion: -

Trust: 1.0

vendor:netappmodel:data availability servicesscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.19

Trust: 1.0

vendor:netappmodel:service processorscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.0

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.18.137

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:5.1

Trust: 1.0

vendor:netappmodel:aff a700sscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.9.164

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.14

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.4.177

Trust: 1.0

vendor:netappmodel:h500escope:eqversion: -

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.17

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

sources: JVNDB: JVNDB-2019-010145 // NVD: CVE-2019-16995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16995
value: HIGH

Trust: 1.0

NVD: CVE-2019-16995
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1341
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-16995
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-16995
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-16995
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-010145 // CNNVD: CNNVD-201909-1341 // NVD: CVE-2019-16995

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:CWE-772

Trust: 0.8

sources: JVNDB: JVNDB-2019-010145 // NVD: CVE-2019-16995

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1341

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201909-1341

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010145

PATCH

title:ChangeLog-5.0.3url:https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.3

Trust: 0.8

title:net: hsr: fix memory leak in hsr_dev_finalize()url:https://github.com/torvalds/linux/commit/6caabe7f197d3466d238f70915d65301f1716626

Trust: 0.8

title:Linux Kernel Archivesurl:http://www.kernel.org

Trust: 0.8

title:net: hsr: fix memory leak in hsr_dev_finalize()url:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6caabe7f197d3466d238f70915d65301f1716626

Trust: 0.8

title:Linux kernel Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98730

Trust: 0.6

sources: JVNDB: JVNDB-2019-010145 // CNNVD: CNNVD-201909-1341

EXTERNAL IDS

db:NVDid:CVE-2019-16995

Trust: 2.4

db:JVNDBid:JVNDB-2019-010145

Trust: 0.8

db:AUSCERTid:ESB-2020.0141

Trust: 0.6

db:AUSCERTid:ESB-2019.4676

Trust: 0.6

db:AUSCERTid:ESB-2019.4346.2

Trust: 0.6

db:AUSCERTid:ESB-2019.4252

Trust: 0.6

db:AUSCERTid:ESB-2019.4346

Trust: 0.6

db:AUSCERTid:ESB-2019.4584

Trust: 0.6

db:CNNVDid:CNNVD-201909-1341

Trust: 0.6

sources: JVNDB: JVNDB-2019-010145 // CNNVD: CNNVD-201909-1341 // NVD: CVE-2019-16995

REFERENCES

url:https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.0.3

Trust: 1.6

url:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6caabe7f197d3466d238f70915d65301f1716626

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html

Trust: 1.6

url:https://github.com/torvalds/linux/commit/6caabe7f197d3466d238f70915d65301f1716626

Trust: 1.6

url:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20191031-0005/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-16995

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16995

Trust: 0.8

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193294-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193295-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html

Trust: 0.6

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0141/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4676/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346/

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-memory-leak-via-hsr-dev-finalize-30486

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4252/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4584/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346.2/

Trust: 0.6

sources: JVNDB: JVNDB-2019-010145 // CNNVD: CNNVD-201909-1341 // NVD: CVE-2019-16995

SOURCES

db:JVNDBid:JVNDB-2019-010145
db:CNNVDid:CNNVD-201909-1341
db:NVDid:CVE-2019-16995

LAST UPDATE DATE

2024-11-23T19:43:05.193000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2019-010145date:2019-10-07T00:00:00
db:CNNVDid:CNNVD-201909-1341date:2021-08-12T00:00:00
db:NVDid:CVE-2019-16995date:2024-11-21T04:31:30.320

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2019-010145date:2019-10-07T00:00:00
db:CNNVDid:CNNVD-201909-1341date:2019-09-30T00:00:00
db:NVDid:CVE-2019-16995date:2019-09-30T13:15:11.073