Allele Security Alert
ASA-2019-00641
Identifier(s)
ASA-2019-00641, CVE-2019-18809, CID-2289adbfa559
Title
Memory leak in af9005_identify_state()
Vendor(s)
Linux foundation
Product(s)
Linux kernel
Affected version(s)
Linux kernel versions since the following commit:
V4L/DVB (5625): Add support for the AF9005 demodulator from Afatech
https://github.com/torvalds/linux/commit/af4e067e1dcf926d9523dff11e46c45fd9fa9da2
Fixed version(s)
Linux kernel versions with the following commit applied:
media: usb: fix memory leak in af9005_identify_state
https://github.com/torvalds/linux/commit/2289adbfa559050d2a38bcd9caac1c18b800e928
Proof of concept
Unknown
Description
A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).
Technical details
Unknown
Credits
Unknown
Reference(s)
media: usb: fix memory leak in af9005_identify_state
https://github.com/torvalds/linux/commit/2289adbfa559050d2a38bcd9caac1c18b800e928
V4L/DVB (5625): Add support for the AF9005 demodulator from Afatech
https://github.com/torvalds/linux/commit/af4e067e1dcf926d9523dff11e46c45fd9fa9da2
media: usb: fix memory leak in af9005_identify_state
https://git.linuxtv.org/media_tree.git/commit/?id=2289adbfa559050d2a38bcd9caac1c18b800e928
CVE-2019-18809
https://security-tracker.debian.org/tracker/CVE-2019-18809
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18809.html
CVE-2019-18809 | SUSE
https://www.suse.com/security/cve/CVE-2019-18809
CVE-2019-18809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18809
CVE-2019-18809
https://nvd.nist.gov/vuln/detail/CVE-2019-18809
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: December 10, 2019