Allele Security Alert
ASA-2019-00638
Identifier(s)
ASA-2019-00638, CVE-2019-18812, CID-c0a333d842ef
Title
Memory leak in sof_dfsentry_write()
Vendor(s)
Linux foundation
Product(s)
Linux kernel
Affected version(s)
Linux kernel upstream versions before 5.4
Linux kernel versions since the following commit:
ASoC: SOF: debug: add new debugfs entries for IPC flood test
https://github.com/torvalds/linux/commit/091c12e1f50cce93b1af90e56cad88787ec86dfb
Fixed version(s)
Linux kernel upstream version 5.4
Linux kernel versions with the following commit applied:
ASoC: SOF: Fix memory leak in sof_dfsentry_write
https://github.com/torvalds/linux/commit/c0a333d842ef67ac04adc72ff79dc1ccc3dca4ed
Proof of concept
Unknown
Description
A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).
Technical details
Unknown
Credits
Navid Emamdoost
Reference(s)
ASoC: SOF: Fix memory leak in sof_dfsentry_write
https://github.com/torvalds/linux/commit/c0a333d842ef67ac04adc72ff79dc1ccc3dca4ed
ASoC: SOF: debug: add new debugfs entries for IPC flood test
https://github.com/torvalds/linux/commit/091c12e1f50cce93b1af90e56cad88787ec86dfb
Linux 5.4
https://lkml.org/lkml/2019/11/24/187
Linux 5.4-rc7
https://lkml.org/lkml/2019/11/10/219
Linux 5.4
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4
CVE-2019-18812
https://security-tracker.debian.org/tracker/CVE-2019-18812
CVE-2019-18812 | SUSE
https://www.suse.com/security/cve/CVE-2019-18812
VUL-1: CVE-2019-18812: kernel-source: memory leak in sof_dfsentry_write() from sound/soc/sof/debug.c
https://bugzilla.suse.com/show_bug.cgi?id=1156277
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18812.html
CVE-2019-18812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18812
CVE-2019-18812
https://nvd.nist.gov/vuln/detail/CVE-2019-18812
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: November 25, 2019