1774933 – (CVE-2019-19074) CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS

Bug 1774933 (CVE-2019-19074) - CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS

Summary: CVE-2019-19074 kernel: a memory leak in the ath9k management function in allo...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-19074
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1774934 1778581 1778582 1778583 1778584 1778585
Blocks:	1774935
TreeView+	depends on / blocked

Reported:	2019-11-21 10:12 UTC by Marian Rehak
Modified:	2020-06-19 01:50 UTC (History)
CC List:	48 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-04-28 16:34:41 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:2052	None	None	None	2020-05-11 12:53:54 UTC
Red Hat Product Errata	RHBA-2020:2626	None	None	None	2020-06-19 01:50:00 UTC
Red Hat Product Errata	RHSA-2020:1567	None	None	None	2020-04-28 15:25:13 UTC
Red Hat Product Errata	RHSA-2020:1769	None	None	None	2020-04-28 15:51:43 UTC

Description Marian Rehak 2019-11-21 10:12:12 UTC

A memory leak in the Atheros Wireless Module Interface (WMI) function (ath9k_wmi_cmd) in in the Linux kernel through 5.3.11 allows a local attacker, who has permissions to issue wifi device access control to cause a denial of service (memory consumption).

Upstream Reference:

https://github.com/torvalds/linux/commit/728c1e2a05e4b5fc52fab3421dce772a806612a2

Comment 1 Marian Rehak 2019-11-21 10:12:33 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1774934]

Comment 6 Wade Mealing 2019-12-02 05:18:06 UTC

At this time it is understood that this flaw does not qualify kernel-rt or mrg-2 fixes due to the current product lifecycle.

Comment 7 errata-xmlrpc 2020-04-28 15:25:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1567 https://access.redhat.com/errata/RHSA-2020:1567

Comment 8 errata-xmlrpc 2020-04-28 15:51:40 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1769 https://access.redhat.com/errata/RHSA-2020:1769

Comment 9 Product Security DevOps Team 2020-04-28 16:34:41 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-19074

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bdettelb
bhu
blc
brdeoliv
bskeggs
dhoward
dvlasenk
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jlelli
john.j5live
jonathan
josef
jross
jschorr
jshortt
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
masami256
matt
mchehab
mcressma
mjg59
mlangsdo
nmurray
plougher
qzhao
rt-maint
rvrbovsk
steved
williams
wmealing