CVE-2019-20095

Published: Dic 30, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-10651 Aliases: GSD-2019-20095

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,5

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

MEDIUM 4,9

Source: [email protected]

Access Vector: local

Access Complexity: low

Authentication: none

Confidentiality: none

Integrity: none

Availability: complete

Description

AI Translation Available

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0013

Percentile

0,3th

Updated

EPSS Score Trend (Last 90 Days)

401

Missing Release of Memory after Effective Lifetime

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Instability Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Reduce Performance

Applicable Platforms

Languages: C, C++, Not Language-Specific

Likelihood of Exploit: Medium

View CWE Details

Operating System

A400 Firmware by Netapp

Product Information

Vendor Netapp

Product A400 Firmware

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Data Availability Services by Netapp

Product Information

Vendor Netapp

Product Data Availability Services

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

8700 Firmware by Netapp

Product Information

Vendor Netapp

Product 8700 Firmware

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Active Iq Unified Manager by Netapp

Product Information

Vendor Netapp

Product Active Iq Unified Manager

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

8300 Firmware by Netapp

Product Information

Vendor Netapp

Product 8300 Firmware

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Cloud Backup by Netapp

Product Information

Vendor Netapp

Product Cloud Backup

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Hci Management Node by Netapp

Product Information

Vendor Netapp

Product Hci Management Node

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Solidfire by Netapp

Product Information

Vendor Netapp

Product Solidfire

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Leap by Opensuse

Product Information

Vendor Opensuse

Product Leap

Version 15.1

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Linux Kernel by Linux

Product Information

Vendor Linux

Product Linux Kernel

Version Range Affected

To 5.1.6 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Steelstore Cloud Integrated Storage by Netapp

Product Information

Vendor Netapp

Product Steelstore Cloud Integrated Storage

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

H610S Firmware by Netapp

Product Information

Vendor Netapp

Product H610S Firmware

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

A700S Firmware by Netapp

Product Information

Vendor Netapp

Product A700S Firmware

Version -

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

E-Series Santricity Os Controller by Netapp

Product Information

Vendor Netapp

Product E-Series Santricity Os Controller

Version Range Affected

From 11.0.0 (inclusive)

To 11.70.1 (inclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

http://lists.opensuse.org/opensuse-security-announce/2020-0…

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6

Release Notes Vendor Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/li…

Release Notes Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0…

https://security.netapp.com/advisory/ntap-20200204-0002/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200204-0002/

http://lists.opensuse.org/opensuse-security-announce/2020-0…

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6

Release Notes Vendor Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/li…

Release Notes Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0…

https://security.netapp.com/advisory/ntap-20200204-0002/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200204-0002/

CVE-2019-20095

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Missing Release of Memory after Effective Lifetime

Common Consequences

Applicable Platforms

A400 Firmware by Netapp

Product Information

Data Availability Services by Netapp

Product Information

8700 Firmware by Netapp

Product Information

Active Iq Unified Manager by Netapp

Product Information

8300 Firmware by Netapp

Product Information

Cloud Backup by Netapp

Product Information

Hci Management Node by Netapp

Product Information

Solidfire by Netapp

Product Information

Leap by Opensuse

Product Information

Linux Kernel by Linux

Product Information

Steelstore Cloud Integrated Storage by Netapp

Product Information

H610S Firmware by Netapp

Product Information

A700S Firmware by Netapp

Product Information

E-Series Santricity Os Controller by Netapp

Product Information

Iscriviti alla newsletter