Bug 1774972 (CVE-2019-19043) - CVE-2019-19043 kernel: dos in i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c
Summary: CVE-2019-19043 kernel: dos in i40e_setup_macvlans() function in drivers/net/e...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-19043
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1774973
Blocks: 1775019
TreeView+ depends on / blocked
 
Reported: 2019-11-21 10:56 UTC by Dhananjay Arunesh
Modified: 2020-05-06 15:14 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. The i40e_setup_macvlans function mishandles resource cleanup. A local attacker, able to induce the error conditions, could use this flaw to crash the system. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2020-04-30 13:04:45 UTC


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-11-21 10:56:34 UTC
A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering i40e_setup_channel() failures

Reference:
https://github.com/torvalds/linux/commit/27d461333459d282ffa4a2bdb6b215a59d493a8f

Comment 1 Dhananjay Arunesh 2019-11-21 10:57:23 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1774973]

Comment 4 Petr Matousek 2020-04-30 12:58:19 UTC
Statement:

This issue is rated as having Moderate impact because of the preconditions needed to trigger the error code path.

Comment 5 Petr Matousek 2020-04-30 12:58:24 UTC
Mitigation:

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module i40e. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .


Note You need to log in before you can comment on or make changes to this bug.