CVE-2019-19044
📋 TL;DR
This vulnerability involves two memory leaks in the Linux kernel's v3d GPU driver that allow attackers to cause denial of service through memory exhaustion. It affects Linux systems with vulnerable kernel versions that use the v3d graphics driver. The vulnerability requires local access to trigger the memory leaks.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Aff Baseboard Management Controller by Netapp
Brocade Fabric Operating System Firmware by Broadcom
E Series Santricity Os Controller by Netapp
Fas/aff Baseboard Management Controller by Netapp
Hci Baseboard Management Controller by Netapp
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Solidfire & Hci Management Node by Netapp
Solidfire Baseboard Management Controller Firmware by Netapp
Solidfire, Enterprise Sds & Hci Storage Node by Netapp
Steelstore Cloud Integrated Storage by Netapp
Ubuntu Linux by Canonical
⚠️ Risk & Real-World Impact
Worst Case
Complete system unavailability due to kernel memory exhaustion, potentially requiring hard reboot and causing service disruption.
Likely Case
Degraded system performance and eventual denial of service on affected systems, requiring system restart to recover.
If Mitigated
Minimal impact with proper access controls and monitoring; memory leaks would be contained to specific processes.
🎯 Exploit Status
Exploitation requires local access and ability to trigger specific ioctl failures. No public exploit code has been documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.3.11 and later
Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
Restart Required: Yes
Instructions:
1. Update Linux kernel to version 5.3.11 or later.
2. For distributions: Use package manager (apt-get upgrade, yum update, etc.).
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable v3d driver module (Linux)
Prevent loading of the vulnerable v3d GPU driver if it is not needed:
echo 'blacklist v3d' >> /etc/modprobe.d/blacklist.conf
rmmod v3d
Restrict ioctl access (Linux)
Limit access to the vulnerable ioctl interface using SELinux/AppArmor:
# Configure appropriate SELinux/AppArmor policies to restrict v3d device access
🧯 If You Can't Patch
- Implement strict access controls to limit which users/processes can access GPU devices
- Monitor system memory usage and implement alerts for abnormal memory consumption patterns
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r and compare to 5.3.11. Also check if v3d module is loaded: lsmod | grep v3d
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is 5.3.11 or later: uname -r. Check that the fix commit 29cd13cfd762 is included in your kernel.
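The two checks above (kernel version against 5.3.11, and whether v3d is loaded) combined into one triage script. This is an added example, not part of the original advisory; the function names and verdict labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage for CVE-2019-19044 using the two checks above.
FIXED="5.3.11"   # first fixed upstream release, from this advisory

# Reduce a release string to its numeric base: "5.3.0-26-generic" -> "5.3.0"
kernel_base() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+){0,2}).*/\1/'
}

# Succeeds when version $1 >= version $2 (numeric compare per component,
# so 5.10.0 sorts above 5.3.11; missing components count as 0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Succeeds when v3d is listed as a loaded module in a /proc/modules-format
# file; a mention in another module's dependency column does not count.
v3d_loaded() {
    grep -q '^v3d ' "$1" 2>/dev/null
}

# Print one verdict for a release string ($1) and a module list file ($2).
assess() {
    base=$(kernel_base "$1")
    if ! v3d_loaded "$2"; then
        echo "not-loaded: v3d module not loaded (kernel $base)"
    elif version_ge "$base" "$FIXED"; then
        echo "fixed-upstream: kernel $base >= $FIXED"
    else
        echo "needs-review: v3d loaded and kernel $base < $FIXED"
    fi
}

# Live check on the current host.
assess "$(uname -r)" /proc/modules
```

A needs-review result is not proof of vulnerability: distribution kernels can carry the fix as a backport under an older version string, so confirm against the vendor advisory listed in the references.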
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System memory exhaustion warnings in syslog
- Failed v3d driver initialization attempts
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("out of memory" OR "oom-killer" OR "v3d")
🔗 References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11
- https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://usn.ubuntu.com/4225-1/