ASA-2019-00642 – Linux kernel: A memory leak in ccp_run_sha_cmd()


Allele Security Alert

ASA-2019-00642

Identifier(s)

ASA-2019-00642, CVE-2019-18808, CID-128c66429247

Title

A memory leak in ccp_run_sha_cmd()

Vendor(s)

Linux Foundation

Product(s)

Linux kernel

Affected version(s)

Unknown

Fixed version(s)

Linux kernel versions with the following commit applied:

crypto: ccp - Release all allocated memory if sha type is invalid
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=128c66429247add5128c03dc1e144ca56f05a4e2

Proof of concept

Unknown

Description

A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).

Technical details

Unknown

Credits

Unknown

Reference(s)

crypto: ccp - Release all allocated memory if sha type is invalid
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=128c66429247add5128c03dc1e144ca56f05a4e2

crypto: ccp - Release all allocated memory if sha type is invalid
https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2

[PATCH] crypto: ccp - release hmac_buf if ccp_run_sha_cmd fails
https://lore.kernel.org/lkml/20190913234824.8521-1-navid.emamdoost@gmail.com/

CVE-2019-18808 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-18808

CVE-2019-18808 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18808.html

CVE-2019-18808 | SUSE
https://www.suse.com/security/cve/CVE-2019-18808

CVE-2019-18808
https://security-tracker.debian.org/tracker/CVE-2019-18808

CVE-2019-18808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18808

CVE-2019-18808
https://nvd.nist.gov/vuln/detail/CVE-2019-18808

Last modified: December 10, 2019