ASA-2019-00639 – Linux kernel: Memory leak in sof_set_get_large_ctrl_data()


Allele Security Alert

ASA-2019-00639

Identifier(s)

ASA-2019-00639, CVE-2019-18811, CID-45c1380358b1

Title

Memory leak in sof_set_get_large_ctrl_data()

Vendor(s)

Linux foundation

Product(s)

Linux kernel

Affected version(s)

Linux kernel upstream versions before 5.4

Linux kernel versions with the following commit applied:

ASoC: SOF: Propagate sof_get_ctrl_copy_params() error properly
https://github.com/torvalds/linux/commit/54d198d5019dd98b9bcb9099a389608d7e2cccad

Fixed version(s)

Linux kernel upstream version 5.4

Linux kernel versions with the following commit applied:

ASoC: SOF: ipc: Fix memory leak in sof_set_get_large_ctrl_data
https://github.com/torvalds/linux/commit/45c1380358b12bf2d1db20a5874e9544f56b34ab

Proof of concept

Unknown

Description

A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel allows attackers to cause a denial of service (memory consumption) by triggering sof_get_ctrl_copy_params() failures.

Technical details

Unknown

Credits

Navid Emamdoost

Reference(s)

ASoC: SOF: ipc: Fix memory leak in sof_set_get_large_ctrl_data
https://github.com/torvalds/linux/commit/45c1380358b12bf2d1db20a5874e9544f56b34ab

ASoC: SOF: Propagate sof_get_ctrl_copy_params() error properly
https://github.com/torvalds/linux/commit/54d198d5019dd98b9bcb9099a389608d7e2cccad

Linux 5.4
https://lkml.org/lkml/2019/11/24/187

Linux 5.4
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4

Linux 5.4-rc7
https://lkml.org/lkml/2019/11/10/219

CVE-2019-18811 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18811.html

CVE-2019-18811
https://security-tracker.debian.org/tracker/CVE-2019-18811

CVE-2019-18811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18811

CVE-2019-18811
https://nvd.nist.gov/vuln/detail/CVE-2019-18811

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: November 25, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.