ASA-2019-00644 – Linux kernel: A memory leak in ql_alloc_large_buffers()

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00644

Identifier(s)

ASA-2019-00644, CVE-2019-18806, CID-1acb8f2a7a9f

Title

A memory leak in ql_alloc_large_buffers()

Vendor(s)

Linux foundation

Product(s)

Linux kernel

Affected version(s)

Linux kernel versions before 5.4

Linux kernel versions 5.3.x before 5.3.5

Linux kernel versions since the following commit:

qla3xxx: Check return code from pci_map_single() in ql_release_to_lrg_buf_free_list(), ql_populate_free_queue(), ql_alloc_large_buffers(), and ql3xxx_send()
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f8ab89e825f8c9f1c84c558ad7e2e4006aee0d3

Fixed version(s)

Linux kernel version 5.4

Linux kernel version 5.3.5

Linux kernel versions with the following commit applied:

net: qlogic: Fix memory leak in ql_alloc_large_buffers
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1acb8f2a7a9f10543868ddd737e37424d5c36cf4

Proof of concept

Unknown

Description

A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures.

Technical details

Unknown

Credits

Unknown

Reference(s)

net: qlogic: Fix memory leak in ql_alloc_large_buffers
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1acb8f2a7a9f10543868ddd737e37424d5c36cf4

qla3xxx: Check return code from pci_map_single() in ql_release_to_lrg_buf_free_list(), ql_populate_free_queue(), ql_alloc_large_buffers(), and ql3xxx_send()
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f8ab89e825f8c9f1c84c558ad7e2e4006aee0d3

net: qlogic: Fix memory leak in ql_alloc_large_buffers
https://github.com/torvalds/linux/commit/1acb8f2a7a9f10543868ddd737e37424d5c36cf4

qla3xxx: Check return code from pci_map_single() in ql_release_to_lrg_buf_free_list(), ql_populate_free_queue(), ql_alloc_large_buffers(), and ql3xxx_send()
https://github.com/torvalds/linux/commit/0f8ab89e825f8c9f1c84c558ad7e2e4006aee0d3

Linux 5.4
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4

Linux 5.3.5
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5

CVE-2019-18806 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-18806

CVE-2019-18806
https://security-tracker.debian.org/tracker/CVE-2019-18806

CVE-2019-18806 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18806.html

CVE-2019-18806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18806

CVE-2019-18806
https://nvd.nist.gov/vuln/detail/CVE-2019-18806

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: December 10, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.