Bug 1775724 (CVE-2019-19077) - CVE-2019-19077 kernel: memory leak in bnxt_re_create_srq function in drivers/infiniband/hw/bnxt_re/ib_verbs.c
Summary: CVE-2019-19077 kernel: memory leak in bnxt_re_create_srq function in drivers/...
Alias: CVE-2019-19077
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1724772 1775725 1829254 1829255 1829256 1829257
Blocks: 1775726
TreeView+ depends on / blocked
Reported: 2019-11-22 16:33 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-10-06 18:48 UTC (History)
46 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A memory leak flaw was found in the Broadcom NetXtreme HCA driver in the Linux kernel, in the way it handled resource cleanup on the copy to userspace error. This flaw allows a local attacker to trigger this error and crash the system.
Clone Of:
Last Closed: 2021-10-25 22:12:51 UTC

Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2019-11-22 16:33:49 UTC
A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.

Upstream commit:

Comment 1 Guilherme de Almeida Suckevicz 2019-11-22 16:34:18 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1775725]

Comment 2 Justin M. Forbes 2019-11-27 17:32:15 UTC
This is fixed for Fedora in the 5.3.13 stable kernel update.

Comment 5 Petr Matousek 2020-04-29 10:12:09 UTC

This issue is rated as having Moderate impact because local attacker is needed in order to trigger it.

Comment 6 Petr Matousek 2020-04-29 10:12:18 UTC

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module bnxt_re. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .

Note You need to log in before you can comment on or make changes to this bug.