CVE-2019-19054 (Medium) detected in linuxlinux-4.19.88 - autoclosed

[mend-bolt-for-github]

CVE-2019-19054 - Medium Severity Vulnerability

Vulnerable Library - linuxlinux-4.19.88

The Linux Kernel

Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux

Found in base branch: master

Vulnerable Source Files (2)

/drivers/media/pci/cx23885/cx23888-ir.c
/drivers/media/pci/cx23885/cx23888-ir.c

Vulnerability Details

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.

Publish Date: 2019-11-18

URL: CVE-2019-19054

CVSS 3 Score Details (4.7)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19054

Release Date: 2019-11-18

Fix Resolution: v5.5-rc1

---

Step up your Open Source Security Game with Mend here