Allele Security Alert
ASA-2019-00642
Identifier(s)
ASA-2019-00642, CVE-2019-18808, CID-128c66429247
Title
A memory leak in ccp_run_sha_cmd()
Vendor(s)
Linux Foundation
Product(s)
Linux kernel
Affected version(s)
Unknown
Fixed version(s)
Linux kernel versions with the following commit applied:
crypto: ccp - Release all allocated memory if sha type is invalid
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=128c66429247add5128c03dc1e144ca56f05a4e2
Proof of concept
Unknown
Description
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause a denial of service (memory consumption).
Technical details
Unknown
Credits
Unknown
Reference(s)
crypto: ccp - Release all allocated memory if sha type is invalid
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=128c66429247add5128c03dc1e144ca56f05a4e2
crypto: ccp - Release all allocated memory if sha type is invalid
https://github.com/torvalds/linux/commit/128c66429247add5128c03dc1e144ca56f05a4e2
[PATCH] crypto: ccp - release hmac_buf if ccp_run_sha_cmd fails
https://lore.kernel.org/lkml/20190913234824.8521-1-navid.emamdoost@gmail.com/
CVE-2019-18808 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-18808
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18808.html
CVE-2019-18808 | SUSE
https://www.suse.com/security/cve/CVE-2019-18808
CVE-2019-18808
https://security-tracker.debian.org/tracker/CVE-2019-18808
CVE-2019-18808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18808
CVE-2019-18808
https://nvd.nist.gov/vuln/detail/CVE-2019-18808
Last modified: December 10, 2019