CVE-2019-18813

HIGH

Linux Kernel < 4.19.84 - Memory Leak in dwc3_pci_probe

Title source: llm

Description

A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.

References (5)

Core 5

Core References

Mailing List, Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bbfceea12a8f145097a27d7c7267af25893c060

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20191205-0001/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4226-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4225-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4225-2/

Scores

CVSS v3 7.5

EPSS 0.0149

EPSS Percentile 81.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (4)

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.04

canonical/ubuntu_linux 19.10

linux/linux_kernel 4.19 - 4.19.84

Published Nov 07, 2019

Tracked Since Feb 18, 2026