CVE-2019-20095

MEDIUM

Linux Kernel < 5.1.6 - Memory Leak

Title source: rule

Description

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.

References (4)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

[Release Notes, Vendor Advisory] https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6

[Release Notes, Vendor Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20200204-0002/

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 32.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (14)

linux/linux_kernel < 5.1.6

opensuse/leap

netapp/active_iq_unified_manager

netapp/cloud_backup

netapp/data_availability_services

netapp/e-series_santricity_os_controller < 11.70.1

netapp/hci_management_node

netapp/solidfire

netapp/steelstore_cloud_integrated_storage

netapp/a700s_firmware

netapp/8300_firmware

netapp/8700_firmware

netapp/a400_firmware

netapp/h610s_firmware

Timeline

Published Dec 30, 2019

Tracked Since Feb 18, 2026