A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.
Reference and upstream commit:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1776376]
This was fixed for Fedora with the 5.3.4 stable kernel updates.
This issue is rated as having Low impact because it can only be triggered under low-memory conditions.
To mitigate this issue, prevent the nfp module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
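
One way to check a host against the fix version and the mitigation above. This is an added example, not part of the original advisory: the function names and status strings are hypothetical, and the version test compares upstream version numbers only, so a distribution kernel carrying a backported fix is an assumption it does not cover. It treats the module as blocked only when a modprobe.d file has both a `blacklist nfp` line and an `install nfp /bin/false` override.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a host is exposed to
# the nfp leak. Function names and status strings are hypothetical.

# True if upstream kernel version $1 is older than $2 (distro suffix ignored).
kernel_before() {
    awk -v a="${1%%-*}" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# True if module $1 appears in the /proc/modules-format file $2.
module_loaded() {
    grep -qs "^$1 " "$2"
}

# True if modprobe.d directory $2 both blacklists $1 (stops alias autoloading)
# and overrides its install command (stops an explicit modprobe as well).
module_blocked() {
    grep -Eqs "^[[:space:]]*blacklist[[:space:]]+$1[[:space:]]*$" "$2"/*.conf &&
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/(false|true)" "$2"/*.conf
}

# $1 = kernel release, $2 = modules file, $3 = modprobe.d directory
nfp_status() {
    if ! kernel_before "$1" 5.3.4; then echo "fixed-kernel"; return 0; fi
    if module_loaded nfp "$2"; then echo "exposed-loaded"; return 0; fi
    if module_blocked nfp "$3"; then
        echo "mitigated"
    else
        echo "not-loaded-unblocked"
    fi
}

# Live check on this host.
nfp_status "$(uname -r)" /proc/modules /etc/modprobe.d
```

A result of `exposed-loaded` means the blacklist alone is not enough: the module is already resident and stays loaded until it is removed or the host reboots with the block in place.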