CVE-2019-19046 (Medium) detected in linux-stable-rtv4.1.33

[mend-bolt-for-github[bot]]

CVE-2019-19046 - Medium Severity Vulnerability

Vulnerable Library - linux-stable-rtv4.1.33

Julia Cartwright's fork of linux-stable-rt.git

Library home page: https://git.kernel.org/pub/scm/linux/kernel/git/julia/linux-stable-rt.git

Found in HEAD commit: 00db4e8795bcbec692fb60b19160bdd763ad42e3

Found in base branch: master

Vulnerable Source Files (2)

/drivers/char/ipmi/ipmi_msghandler.c /drivers/char/ipmi/ipmi_msghandler.c

Vulnerability Details

** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time.

Publish Date: 2019-11-18

URL: CVE-2019-19046

CVSS 3 Score Details (6.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2019-19046

Release Date: 2019-11-18

Fix Resolution: perf - 4.18.0-240,3.10.0-957.65.1,3.10.0-1062.40.1,4.18.0-240,4.18.0-240,3.10.0-1160,3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-957.65.1,4.18.0-240,3.10.0-1160,3.10.0-1062.40.1;kernel-zfcpdump-modules-extra - 4.18.0-240;kernel-debuginfo - 3.10.0-1062.40.1,3.10.0-1062.40.1,3.10.0-957.65.1,4.18.0-240,3.10.0-1160,3.10.0-1160,3.10.0-957.65.1;kernel-debug-devel - 3.10.0-1062.40.1,4.18.0-240,4.18.0-240,3.10.0-957.65.1,4.18.0-240,3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-1160,3.10.0-1160,3.10.0-1062.40.1,3.10.0-1160,4.18.0-240,3.10.0-957.65.1;bpftool - 3.10.0-1160,3.10.0-1062.40.1,3.10.0-1160,4.18.0-240,3.10.0-1160,4.18.0-240,3.10.0-957.65.1,3.10.0-1062.40.1,4.18.0-240,3.10.0-1062.40.1;kernel-rt-debug-core - 4.18.0-240.rt7.54;kernel-tools-libs - 3.10.0-1160,4.18.0-240,3.10.0-1062.40.1,3.10.0-957.65.1,4.18.0-240,3.10.0-1160,3.10.0-1062.40.1,3.10.0-957.65.1,3.10.0-957.65.1,4.18.0-240,3.10.0-1062.40.1;perf-debuginfo - 3.10.0-1160,4.18.0-240,3.10.0-1062.40.1,3.10.0-1062.40.1,3.10.0-957.65.1,3.10.0-957.65.1,3.10.0-1160;kernel-cross-headers - 4.18.0-240,4.18.0-240,4.18.0-240,4.18.0-240;kernel-debug-debuginfo - 3.10.0-1062.40.1,3.10.0-1062.40.1,3.10.0-957.65.1,3.10.0-957.65.1,3.10.0-1160,3.10.0-1160,4.18.0-240;kernel-debug - 3.10.0-1062.40.1,4.18.0-240,3.10.0-957.65.1,3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-1160,3.10.0-957.65.1,3.10.0-1160,3.10.0-1160,4.18.0-240,4.18.0-240,4.18.0-240,3.10.0-1062.40.1;kernel-devel - 3.10.0-1160,3.10.0-957.65.1,4.18.0-240,3.10.0-1062.40.1,3.10.0-957.65.1,4.18.0-240,4.18.0-240,3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-1160,3.10.0-1160,3.10.0-1062.40.1,4.18.0-240;kernel - 3.10.0-1160,4.18.0-240,4.18.0-240,3.10.0-1160,3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-1062.40.1,3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-1160,4.18.0-240,4.18.0-240,4.18.0-240,3.10.0-957.65.1,3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-1160;bpftool-debuginfo - 4.18.0-240,3.10.0-1062.40.1,3.10.0-1160;kernel-zfcpdump-core - 4.18.0-240;kernel-debug-core - 4.18.0-240,4.18.0-240,4.18.0-240,4.18.0-240;kernel-modules-extra - 4.18.0-240,4.18.0-240,4.18.0-240,4.18.0-240;kernel-rt-debug-devel - 3.10.0-1160.rt56.1131,4.18.0-240.rt7.54;python-perf - 3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-1062.40.1,3.10.0-957.65.1,3.10.0-1160,3.10.0-1160,3.10.0-957.65.1,3.10.0-1160,3.10.0-1062.40.1;kernel-core - 4.18.0-240,4.18.0-240,4.18.0-240,4.18.0-240;kernel-rt-debug - 4.18.0-240.rt7.54,3.10.0-1160.rt56.1131;kernel-rt-devel - 4.18.0-240.rt7.54,3.10.0-1160.rt56.1131;kernel-debuginfo-common-ppc64 - 3.10.0-1160,3.10.0-957.65.1,3.10.0-1062.40.1;python3-perf - 4.18.0-240,4.18.0-240,4.18.0-240,4.18.0-240;kernel-tools - 3.10.0-1062.40.1,4.18.0-240,3.10.0-957.65.1,4.18.0-240,3.10.0-957.65.1,3.10.0-1160,3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-1160,3.10.0-1062.40.1,4.18.0-240,3.10.0-1160;kernel-debug-modules - 4.18.0-240,4.18.0-240,4.18.0-240,4.18.0-240;kernel-rt-trace-kvm - 3.10.0-1160.rt56.1131;kernel-rt-debuginfo-common-x86_64 - 4.18.0-240.rt7.54;kernel-tools-libs-devel - 3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-957.65.1,3.10.0-1160,3.10.0-957.65.1,3.10.0-1062.40.1,3.10.0-1160,3.10.0-1160,3.10.0-1062.40.1;kernel-modules - 4.18.0-240,4.18.0-240,4.18.0-240,4.18.0-240;kernel-tools-debuginfo - 3.10.0-1160,3.10.0-957.65.1,3.10.0-1160,3.10.0-1062.40.1,4.18.0-240,3.10.0-1062.40.1,3.10.0-957.65.1;kernel-rt-modules - 4.18.0-240.rt7.54;kernel-rt-doc - 3.10.0-1160.rt56.1131;kernel-rt-kvm - 3.10.0-1160.rt56.1131,4.18.0-240.rt7.54;python-perf-debuginfo - 3.10.0-1062.40.1,3.10.0-957.65.1,3.10.0-1160,3.10.0-1160,3.10.0-1062.40.1,3.10.0-957.65.1;kernel-headers - 3.10.0-1160,3.10.0-957.65.1,4.18.0-240,3.10.0-1062.40.1,3.10.0-1160,3.10.0-1062.40.1,3.10.0-1062.40.1,3.10.0-957.65.1,4.18.0-240,4.18.0-240,4.18.0-240,3.10.0-1160,3.10.0-957.65.1;kernel-rt-trace - 3.10.0-1160.rt56.1131;kernel-debuginfo-common-x86_64 - 3.10.0-1062.40.1,3.10.0-1160,4.18.0-240,3.10.0-957.65.1;kernel-rt - 3.10.0-1160.rt56.1131,3.10.0-1160.rt56.1131,4.18.0-240.rt7.54,4.18.0-240.rt7.54;kernel-zfcpdump - 4.18.0-240;kernel-rt-debug-modules-extra - 4.18.0-240.rt7.54;python3-perf-debuginfo - 4.18.0-240;kernel-rt-modules-extra - 4.18.0-240.rt7.54;kernel-doc - 4.18.0-240,3.10.0-1160,3.10.0-957.65.1,3.10.0-1062.40.1;kernel-rt-core - 4.18.0-240.rt7.54;kernel-rt-debug-debuginfo - 4.18.0-240.rt7.54;kernel-abi-whitelists - 3.10.0-957.65.1,4.18.0-240,3.10.0-1160,3.10.0-1062.40.1;kernel-zfcpdump-modules - 4.18.0-240;kernel-rt-trace-devel - 3.10.0-1160.rt56.1131;kernel-debug-modules-extra - 4.18.0-240,4.18.0-240,4.18.0-240,4.18.0-240;kernel-rt-debug-kvm - 3.10.0-1160.rt56.1131,4.18.0-240.rt7.54;kernel-bootwrapper - 3.10.0-1062.40.1,3.10.0-957.65.1,3.10.0-1160,3.10.0-1062.40.1,3.10.0-957.65.1,3.10.0-1160;kernel-rt-debuginfo - 4.18.0-240.rt7.54;kernel-rt-debug-modules - 4.18.0-240.rt7.54;kernel-zfcpdump-devel - 4.18.0-240;perf - 3.10.0-1160;bpftool - 4.18.0-240;kernel-tools-libs - 3.10.0-1160

---

Step up your Open Source Security Game with Mend here

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory.

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by WhiteSource because the vulnerable library in the specific branch(es) has been detected in the WhiteSource inventory.

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.