{ "threat_severity" : "Moderate", "public_date" : "2019-11-18T00:00:00Z", "bugzilla" : { "description" : "kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c", "id" : "1774988", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1774988" }, "cvss3" : { "cvss3_base_score" : "6.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-401->CWE-400", "details" : [ "A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time", "A memory leak problem was found in __ipmi_bmc_register in drivers/char/ipmi/ipmi_msghandler.c in Intelligent Platform Management Interface (IPMI) which is used for incoming and outgoing message routing purpose. This flaw may allow an attacker with minimal privilege to cause a denial of service by triggering ida_simple_get() failure." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-09-29T00:00:00Z", "advisory" : "RHSA-2020:4062", "cpe" : "cpe:/a:redhat:rhel_extras_rt:7", "package" : "kernel-rt-0:3.10.0-1160.rt56.1131.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-08-25T00:00:00Z", "advisory" : "RHSA-2020:3545", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-alt-0:4.14.0-115.29.1.el7a" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-09-29T00:00:00Z", "advisory" : "RHSA-2020:4060", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-1160.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date" : "2020-12-22T00:00:00Z", "advisory" : "RHSA-2020:5656", "cpe" : "cpe:/o:redhat:rhel_eus:7.6", "package" : "kernel-0:3.10.0-957.65.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date" : "2020-11-24T00:00:00Z", "advisory" : "RHSA-2020:5206", "cpe" : "cpe:/o:redhat:rhel_eus:7.7", "package" : "kernel-0:3.10.0-1062.40.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-11-04T00:00:00Z", "advisory" : "RHSA-2020:4609", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-240.rt7.54.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-11-04T00:00:00Z", "advisory" : "RHSA-2020:4431", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-240.el8" }, { "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2020-12-22T00:00:00Z", "advisory" : "RHSA-2020:5656", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "kernel-0:3.10.0-957.65.1.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-19046\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19046" ], "name" : "CVE-2019-19046", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }