Description
A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot
References (4)
Core 4
Core References
Release Notes x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10
Patch x_refsource_misc
https://github.com/torvalds/linux/commit/e13de8fe0d6a51341671bbe384826d527afe8d44
Issue Tracking x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=1157173
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
Scores
CVSS v3
7.5
EPSS
0.0068
EPSS Percentile
71.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-401
Status
published
Products (2)
linux/linux_kernel
3.17 - 4.4.200
opensuse/leap
15.1
Published
Nov 18, 2019
Tracked Since
Feb 18, 2026