678470 – (CVE-2019-8980) A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 - (CVE-2019-8980)

Bug 678470 (CVE-2019-8980) - A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 - (CVE-2019-8980)

Summary: A memory leak in the kernel_read_file function in fs/exec.c in the Linux kern...

Status:	RESOLVED FIXED

Alias:	CVE-2019-8980

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:
Whiteboard:	B3
Keywords:

Depends on:
Blocks:

Reported:	2019-02-21 07:56 UTC by Fadi Abu Sneineh
Modified:	2022-03-26 00:54 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Fadi Abu Sneineh 2019-02-21 07:56:20 UTC

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. 

Reference:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8980
* https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1935698.html


--
Fadi

Comment 1 John Helmert III archtester

2022-03-26 00:54:39 UTC

Fix in 4.9.163, 4.14.106, 4.19.28, 5.1