1775004 – (CVE-2019-19051) CVE-2019-19051 kernel: dos in i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c

Bug 1775004 (CVE-2019-19051) - CVE-2019-19051 kernel: dos in i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c

Summary: CVE-2019-19051 kernel: dos in i2400m_op_rfkill_sw_toggle() function in driver...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2019-19051
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1775005
Blocks:	1775039
TreeView+	depends on / blocked

Reported:	2019-11-21 11:17 UTC by Dhananjay Arunesh
Modified:	2023-03-24 16:08 UTC (History)
CC List:	48 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the way the Linux kernel's WiMAX i2400 driver handled memory release in certain error codes path in the RF kill switch control function. A local attacker able to control the device could use this flaw to crash the system.
Clone Of:
Environment:
Last Closed:	2020-02-25 14:45:47 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2019-11-21 11:17:18 UTC

A vulnerability was found in Linux Kernel where, a memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c allows attackers to cause a denial of service (memory consumption).

Reference:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
https://github.com/torvalds/linux/commit/6f3ef5c25cc762687a7341c18cbea5af54461407

Comment 1 Dhananjay Arunesh 2019-11-21 11:17:51 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1775005]

Comment 2 Justin M. Forbes 2019-11-21 17:34:14 UTC

This was fixed for Fedora with the 5.3.11 stable kernel update.

Comment 3 Petr Matousek 2020-02-25 14:43:42 UTC

Mitigation:

As the i2400m module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

# echo "install i2400m /bin/true" >> /etc/modprobe.d/disable-i2400m.conf

The system will need to be restarted if the i2400m module is already loaded. In most circumstances, the i2400m kernel module will be unable to be unloaded while the device is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bdettelb
bhu
blc
brdeoliv
bskeggs
dhoward
dvlasenk
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jlelli
john.j5live
jonathan
josef
jross
jschorr
jshortt
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
masami256
matt
mchehab
mcressma
mjg59
mlangsdo
nmurray
plougher
qzhao
rt-maint
rvrbovsk
steved
williams
yozone