CVE-2019-19060
📋 TL;DR
This vulnerability is a memory leak in the Linux kernel's ADIS IMU driver that allows attackers to cause denial of service by consuming all available memory. It affects Linux systems using the affected driver before kernel version 5.3.9. The vulnerability requires local access to exploit.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Aff Baseboard Management Controller by Netapp
Brocade Fabric Operating System Firmware by Broadcom
E Series Santricity Os Controller by Netapp
Fas/aff Baseboard Management Controller by Netapp
Hci Baseboard Management Controller by Netapp
Leap by Opensuse
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Solidfire & Hci Management Node by Netapp
Solidfire Baseboard Management Controller Firmware by Netapp
Solidfire, Enterprise Sds & Hci Storage Node by Netapp
Steelstore Cloud Integrated Storage by Netapp
Ubuntu Linux by Canonical
⚠️ Risk & Real-World Impact
Worst Case
Complete system unavailability due to memory exhaustion, requiring hard reboot and potential data loss.
Likely Case
Degraded system performance leading to application failures and service disruption.
If Mitigated
Limited impact with proper memory monitoring and process isolation in place.
🎯 Exploit Status
Exploitation requires local access and ability to trigger the vulnerable function repeatedly. No public exploit code has been documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.3.9 and later
Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
Restart Required: Yes
Instructions:
1. Update Linux kernel to version 5.3.9 or later.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable ADIS IMU driver
Prevent loading of vulnerable driver module
echo 'blacklist adis' >> /etc/modprobe.d/blacklist.conf
rmmod adis
Memory usage monitoring
Monitor memory consumption and restart affected processes
# Set up monitoring with tools like atop, htop, or custom scripts
🧯 If You Can't Patch
- Implement strict access controls to limit who can access devices using ADIS IMU driver
- Deploy memory monitoring and alerting to detect memory exhaustion patterns
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r. If version is < 5.3.9 and ADIS driver is loaded (lsmod | grep adis), system is vulnerable.
Check Version:
uname -r
Verify Fix Applied:
After update, verify kernel version is ≥ 5.3.9 with uname -r and check commit ab612b1daf41 is included.
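The two checks above combined into one script, as an added example that is not from the original page or the kernel project. The function names, verdict strings and sample lsmod text are constructed for illustration; the version comparison is numeric, so a release such as 5.10 is correctly treated as newer than 5.3.9.

```shell
#!/bin/sh
# Added example: applies the page's two criteria (kernel older than 5.3.9,
# an "adis" module loaded) to a kernel release string and lsmod-format text.
FIXED="5.3.9"   # first fixed release named on the page

# version_lt A B: succeed if A is numerically lower than B. Only the leading
# x.y.z is compared, so "5.3.0-26-generic" is read as 5.3.0 and 5.10 > 5.3.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[^0-9.].*/, "", a); sub(/[^0-9.].*/, "", b)
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# adis_modules: read lsmod-format text on stdin, print module names that
# contain "adis" (the same pattern as the page's `lsmod | grep adis`).
adis_modules() {
    awk '$1 != "Module" && $1 ~ /adis/ { print $1 }'
}

# triage RELEASE LSMOD_TEXT: print one verdict word.
triage() {
    mods=$(printf '%s\n' "$2" | adis_modules | tr '\n' ' ')
    if ! version_lt "$1" "$FIXED"; then
        echo "fixed-by-version"
    elif [ -n "$mods" ]; then
        echo "vulnerable"
    else
        echo "driver-not-loaded"
    fi
}

# Constructed sample input, not captured from a real host.
SAMPLE_LSMOD='Module                  Size  Used by
adis16400              28672  0
adis_lib               20480  1 adis16400
ext4                  745472  1'

# On a live host: triage "$(uname -r)" "$(lsmod)"
triage "5.3.0-26-generic" "$SAMPLE_LSMOD"
```

Distribution kernels often backport fixes without changing the upstream version number, so confirm a "vulnerable" verdict against the vendor advisory listed in the references.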
📡 Detection & Monitoring
Log Indicators:
- Kernel OOM (Out of Memory) messages in /var/log/kern.log or dmesg
- Rapid memory consumption by kernel processes
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("out of memory" OR "oom") AND process="adis"
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9
- https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://usn.ubuntu.com/4208-1/
- https://usn.ubuntu.com/4210-1/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4364-1/