CVE-2019-19083

Description

Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.

CVSS Metrics

• v3.1•MEDIUM•Score: 4.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 4.7AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.03%• Percentile: 11%

Techniques & Countermeasures

• CWE-401•Missing Release of Memory after Effective Lifetime

  The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Affected Systems

• canonical•ubuntu_linux

  14.04 | 16.04 | 18.04 | 19.04 | 19.10

• linux•linux_kernel

  < 5.3.8

• opensuse•leap

  15.1

References (8)

• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.8
• https://github.com/torvalds/linux/commit/055e547478a11a6360c7ce05e2afc3e366968a12
• https://usn.ubuntu.com/4208-1/
• https://security.netapp.com/advisory/ntap-20191205-0001/
• http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
• https://usn.ubuntu.com/4227-1/
• https://usn.ubuntu.com/4226-1/
• https://usn.ubuntu.com/4227-2/