Bug 1775015 (CVE-2019-19063)

Summary: CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: acaringi, airlied, bdettelb, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, pmatouse, qzhao, rt-maint, rvrbovsk, steved, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-29 21:58:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1775016, 1829847, 1829848, 1829849, 1829850, 1829851    
Bug Blocks: 1775018    

Description Marian Rehak 2019-11-21 11:24:14 UTC 
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption).

Upstream Issue:

https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb
Comment 1 Marian Rehak 2019-11-21 11:24:35 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1775016]
Comment 2 Dave Baker 2019-11-25 17:21:41 UTC 
Closing services.  No wifi usage in this environment.
Comment 4 Petr Matousek 2020-04-30 13:17:45 UTC 
Statement:

This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (physical access).
Comment 5 Petr Matousek 2020-04-30 13:17:49 UTC 
Mitigation:

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8192cu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .
Comment 9 errata-xmlrpc 2020-09-29 18:58:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062
Comment 10 errata-xmlrpc 2020-09-29 20:51:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060
Comment 11 Product Security DevOps Team 2020-09-29 21:58:55 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-19063
Comment 27 errata-xmlrpc 2020-11-04 00:49:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4431 https://access.redhat.com/errata/RHSA-2020:4431
Comment 28 errata-xmlrpc 2020-11-04 02:21:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4609 https://access.redhat.com/errata/RHSA-2020:4609