mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html | Mailing List Third Party Advisory |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6 | Release Notes Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc | Release Notes Vendor Advisory |
https://security.netapp.com/advisory/ntap-20200204-0002/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
18 Apr 2022, 15:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp a700s
Netapp hci Management Node Netapp 8300 Firmware Netapp a400 Netapp e-series Santricity Os Controller Netapp Netapp a700s Firmware Netapp 8700 Firmware Netapp h610s Netapp 8700 Netapp 8300 Netapp cloud Backup Netapp active Iq Unified Manager Netapp data Availability Services Netapp a400 Firmware Opensuse leap Netapp steelstore Cloud Integrated Storage Netapp h610s Firmware Netapp solidfire Opensuse |
|
CPE | cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:* |
|
CWE | CWE-401 | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200204-0002/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html - Mailing List, Third Party Advisory |
Information
Published : 2019-12-30 05:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-20095
Mitre link : CVE-2019-20095
CVE.ORG link : CVE-2019-20095
JSON object : View
Products Affected
netapp
- a700s_firmware
- 8300_firmware
- a400_firmware
- data_availability_services
- 8700
- cloud_backup
- h610s_firmware
- hci_management_node
- a700s
- h610s
- 8700_firmware
- active_iq_unified_manager
- 8300
- a400
- steelstore_cloud_integrated_storage
- e-series_santricity_os_controller
- solidfire
linux
- linux_kernel
opensuse
- leap
CWE
CWE-401
Missing Release of Memory after Effective Lifetime