CVE-2019-18806
MEDIUMLinux Kernel < 5.3.5 - Denial of Service via Memory Leak in qla3xxx Driver
Title source: llmDescription
A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.
References (2)
Core 2
Core References
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1acb8f2a7a9f10543868ddd737e37424d5c36cf4
Mailing List, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.5
Scores
CVSS v3
5.5
EPSS
0.0035
EPSS Percentile
26.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-401
Status
published
Products (1)
linux/linux_kernel
< 5.3.5
Published
Nov 07, 2019
Tracked Since
Feb 18, 2026