A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1775023]
How is this a separate CVE? It seems a duplicate of CVE-2019-19050 rhbz 1774998
This issue is rated as having Low impact because of the preconditions needed to trigger the error cleanup code path.
In order to mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel module crypto_user. For instructions on how to blacklist a kernel module, refer to: https://access.redhat.com/solutions/41278
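One way to check that this mitigation is actually in effect on a host, as an added example (not part of the bug report or the linked Red Hat solution). It assumes standard modprobe.d semantics, where a `blacklist` line only stops alias-based autoloading while an `install <module> /bin/false` line also stops explicit loads; the function name `module_block_status`, the default directory list and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether modprobe.d config blocks a module from loading.
# Usage: module_block_status <module> [config_dir ...]
# Prints: blocked | blacklist-only | not-blocked
module_block_status() {
    mod=$(printf '%s' "$1" | tr '-' '_')   # modprobe treats '-' and '_' alike
    shift
    # Default search path is an assumption based on the usual modprobe.d locations.
    [ "$#" -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d
    has_blacklist=0
    has_install=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            # '|| [ -n "$verb" ]' keeps a final line that lacks a newline.
            while read -r verb name rest || [ -n "$verb" ]; do
                case $verb in '#'*|'') continue ;; esac
                name=$(printf '%s' "$name" | tr '-' '_')
                [ "$name" = "$mod" ] || continue
                case $verb in
                    blacklist) has_blacklist=1 ;;
                    install)
                        # Only count overrides that replace the load with a no-op.
                        case $rest in
                            /bin/false|/bin/true|/usr/bin/false|/usr/bin/true) has_install=1 ;;
                        esac ;;
                esac
            done < "$f"
        done
    done
    if [ "$has_install" -eq 1 ]; then echo blocked
    elif [ "$has_blacklist" -eq 1 ]; then echo blacklist-only
    else echo not-blocked
    fi
}

# Demo on constructed config files in a temporary directory.
demo=$(mktemp -d)
printf 'blacklist crypto_user\n' > "$demo/a.conf"
module_block_status crypto_user "$demo"
printf 'install crypto-user /bin/false\n' > "$demo/b.conf"
module_block_status crypto_user "$demo"
rm -rf "$demo"
```

Called with only a module name, the function reads the host's own modprobe.d directories. A `blacklist-only` result means an explicit load of the module by name can still succeed.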
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:2854 https://access.redhat.com/errata/RHSA-2020:2854
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):