ASA-2019-00637 – Linux kernel: Memory leak in dwc3_pci_probe()


Allele Security Alert

ASA-2019-00637

Identifier(s)

ASA-2019-00637, CVE-2019-18813, CID-9bbfceea12a8

Title

Memory leak in dwc3_pci_probe()

Vendor(s)

Linux Foundation

Product(s)

Linux kernel

Affected version(s)

Linux kernel upstream versions before 5.4

Linux kernel stable versions 5.3.x before 5.3.11
Linux kernel stable versions 4.19.x before 4.19.84

Linux kernel versions with the following commit applied:

usb: dwc3: pci: Supply device properties via driver data
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a7b12f69a9434a766e77c43d113826f0413b032

Fixed version(s)

Linux kernel upstream version 5.4

Linux kernel stable version 5.3.11
Linux kernel stable version 4.19.84

Linux kernel versions with the following commit applied:

usb: dwc3: pci: prevent memory leak in dwc3_pci_probe
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bbfceea12a8f145097a27d7c7267af25893c060

Proof of concept

Unknown

Description

A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures.
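
The class of bug described above, shown as an added user-space C model (not the kernel source and not part of the original alert): a probe routine that returns early when its property-add step fails never releases the device it allocated, so each failed probe leaves one allocation behind. All names (`model_pdev`, `probe_leaky`, `probe_fixed`, `leaked_after`) are hypothetical, and the model releases the device on success only to keep the counter simple.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space model only: every name here is hypothetical, not kernel API. */
struct model_pdev { int refcount; };
static int live_devices;     /* allocated and not yet released */
static int fail_properties;  /* 1 = simulate the property-add failure */

static struct model_pdev *model_pdev_alloc(void) {
    struct model_pdev *p = calloc(1, sizeof(*p));
    if (p) { p->refcount = 1; live_devices++; }
    return p;
}
static void model_pdev_put(struct model_pdev *p) {
    if (p && --p->refcount == 0) { free(p); live_devices--; }
}
static int model_add_properties(struct model_pdev *p) {
    (void)p;
    return fail_properties ? -12 : 0;  /* -12 is the value of -ENOMEM */
}
/* Leaky shape: the early return drops the only reference to the device. */
static int probe_leaky(void) {
    struct model_pdev *p = model_pdev_alloc();
    if (!p) return -12;
    int ret = model_add_properties(p);
    if (ret < 0) return ret;           /* device is never released */
    model_pdev_put(p);                 /* model simplification: teardown */
    return 0;
}
/* Fixed shape: the failure path goes through the cleanup label. */
static int probe_fixed(void) {
    struct model_pdev *p = model_pdev_alloc();
    if (!p) return -12;
    int ret = model_add_properties(p);
    if (ret < 0) goto err;
err:
    model_pdev_put(p);
    return ret;
}
/* Run `attempts` failing probes; return how many devices stay allocated. */
static int leaked_after(int (*probe)(void), int attempts) {
    int before = live_devices;
    fail_properties = 1;
    for (int i = 0; i < attempts; i++) probe();
    fail_properties = 0;
    return live_devices - before;
}
int main(void) {
    printf("leaky=%d\n", leaked_after(probe_leaky, 100));
    printf("fixed=%d\n", leaked_after(probe_fixed, 100));
    return 0;
}
```

The leaked count grows linearly with the number of failed probes, which is the memory-consumption denial of service the description names.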

Technical details

Unknown

Credits

Navid Emamdoost

Reference(s)

usb: dwc3: pci: prevent memory leak in dwc3_pci_probe
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bbfceea12a8f145097a27d7c7267af25893c060

usb: dwc3: pci: Supply device properties via driver data
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a7b12f69a9434a766e77c43d113826f0413b032

usb: dwc3: pci: prevent memory leak in dwc3_pci_probe
https://github.com/torvalds/linux/commit/9bbfceea12a8f145097a27d7c7267af25893c060

usb: dwc3: pci: Supply device properties via driver data
https://github.com/torvalds/linux/commit/1a7b12f69a9434a766e77c43d113826f0413b032

Linux 5.4
https://lkml.org/lkml/2019/11/24/187

Linux 5.4-rc6
https://lkml.org/lkml/2019/11/3/208

Linux 5.3.11
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11

Linux 4.19.84
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.84

CVE-2019-18813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18813

CVE-2019-18813
https://nvd.nist.gov/vuln/detail/CVE-2019-18813

Last modified: November 25, 2019