Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2019-18812

Published: 7 November 2019

A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.

Priority

Negligible

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
linux-oem
Launchpad, Ubuntu, Debian
trusty Does not exist

bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
eoan Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
linux
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
eoan Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
trusty Ignored
(was needs-triage ESM criteria)
upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
Patches:
Introduced by

091c12e1f50cce93b1af90e56cad88787ec86dfb

Fixed by c0a333d842ef67ac04adc72ff79dc1ccc3dca4ed
linux-azure-edge
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Does not exist

eoan Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)
linux-gcp
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
trusty Does not exist

eoan Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
linux-aws
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
eoan Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
trusty Ignored
(was needs-triage ESM criteria)
upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
linux-azure
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
eoan Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
trusty Ignored
(was needs-triage ESM criteria)
upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
linux-gcp-edge
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Does not exist

eoan Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-gke-4.15
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Does not exist

eoan Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Does not exist

eoan Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Does not exist

eoan Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Does not exist

eoan Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
linux-kvm
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
eoan Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
linux-lts-trusty
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

trusty Ignored
(was needs-triage ESM criteria)
upstream Needs triage

xenial Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
eoan Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
trusty Does not exist

upstream Needs triage

xenial Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
eoan Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
linux-raspi2
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
eoan Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
linux-snapdragon
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
disco Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)
eoan Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(CONFIG_SND_SOC_SOF_DEBUG_IPC_FLOOD_TEST is not enabled)

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H