Note:
This project will be discontinued after December 13, 2021. [more]
2019-11-18
A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers/net/ethernet/mellanox/mlx5/core/health.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_crdump_collect() failures, aka CID-c7ed6d0183d5.
| Products | Ubuntu_linux, Linux_kernel |
| Type | Uncontrolled Resource Consumption (CWE-400) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://usn.ubuntu.com/4225-1/
• https://security.netapp.com/advisory/ntap-20191205-0001/ • https://github.com/torvalds/linux/commit/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 |